Access Control Vulnerability in VMware Workspace ONE Access and Identity Manager
CVE-2021-22002
9.8CRITICAL
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 31 August 2021
What is CVE-2021-22002?
A vulnerability in VMware Workspace ONE Access and Identity Manager permits unauthorized access to the /cfg web application and diagnostic endpoints through port 443. By manipulating host headers, an attacker with network access to port 443 can compromise potentially sensitive data and perform unauthorized actions on the /cfg application. Additionally, this vulnerability allows for unauthorized access to diagnostic endpoints without any form of authentication, posing significant security risks to affected systems.
Affected Version(s)
VMware Workspace ONE Access, Identity Manager and vRealize Automation Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6.