Authentication Bypass Vulnerability in VMware Workspace ONE Access
CVE-2021-22057

8.8HIGH

Key Information:

Vendor

Vmware
Status
Vmware Workspace One Access
Vendor
CVE Published:
20 December 2021

What is CVE-2021-22057?

VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10 are affected by an authentication bypass vulnerability. Attackers who have successfully executed first-factor authentication may exploit this vulnerability to bypass security measures and gain unauthorized access to second-factor authentication provided by VMware Verify, potentially compromising user accounts and sensitive data.

Affected Version(s)

VMware Workspace ONE Access VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10

References

https://www.vmware.com/security/advisories/VMSA-2021-0030...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.