CVE-2021-22056

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access And Identity Manager
Vendor: CVE Published:; 20 December 2021

Summary

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

Affected Version(s)

VMware Workspace ONE Access and Identity Manager VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3

References

https://www.vmware.com/security/advisories/VMSA-2021-0030...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Jan 4, 2021