CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Published: Sep 1, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22003
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
vmware / identity_manager	3.3.2	3.3.2.x
vmware / identity_manager	3.3.3	3.3.3.x
vmware / identity_manager	3.3.4	3.3.4.x
vmware / identity_manager	3.3.5	3.3.5.x
vmware / workspace_one_access	20.01	20.01.x
vmware / workspace_one_access	20.10	20.10.x
vmware / workspace_one_access	20.10.01	20.10.01.x
vmware / cloud_foundation	4.0	4.0.x
vmware / cloud_foundation	4.0.1	4.0.1.x
vmware / vrealize_suite_lifecycle_manager	8.0	8.0.x
vmware / vrealize_suite_lifecycle_manager	8.0.1	8.0.1.x
vmware / vrealize_suite_lifecycle_manager	8.1	8.1.x
vmware / vrealize_suite_lifecycle_manager	8.2	8.2.x
vmware / cloud_foundation	4.1	4.1.x
vmware / cloud_foundation	4.2.1	4.2.1.x
vmware / cloud_foundation	4.1.0.1	4.1.0.1.x

https://www.vmware.com/security/advisories/VMSA-2021-0016.html

Vulnerability Database

289,697

CVE-2021-22003