CVE-2021-22003
First published: Tue Aug 31 2021(Updated: )
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Identity Manager | =3.3.2 | |
| VMware Identity Manager | =3.3.3 | |
| VMware Identity Manager | =3.3.4 | |
| VMware Identity Manager | =3.3.5 | |
| VMware Workspace ONE Access | =20.01 | |
| VMware Workspace ONE Access | =20.10 | |
| VMware Workspace ONE Access | =20.10.01 | |
| Linux Linux kernel | ||
| VMware Cloud Foundation | =4.0 | |
| VMware Cloud Foundation | =4.0.1 | |
| VMware Cloud Foundation | =4.1 | |
| VMware Cloud Foundation | =4.1.0.1 | |
| VMware Cloud Foundation | =4.2.1 | |
| Vmware Vrealize Suite Lifecycle Manager | =8.0 | |
| Vmware Vrealize Suite Lifecycle Manager | =8.0.1 | |
| Vmware Vrealize Suite Lifecycle Manager | =8.1 | |
| Vmware Vrealize Suite Lifecycle Manager | =8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22003?
CVE-2021-22003 is a vulnerability in VMware Workspace ONE Access and Identity Manager that unintentionally provides a login interface on port 7443.
What is the severity of CVE-2021-22003?
CVE-2021-22003 has a severity level of 7.5 (high).
Which software is affected by CVE-2021-22003?
CVE-2021-22003 affects VMware Identity Manager versions 3.3.2, 3.3.3, 3.3.4, and 3.3.5, as well as VMware Workspace ONE Access versions 20.01, 20.10, and 20.10.01.
What can a malicious actor do with CVE-2021-22003?
A malicious actor with network access to port 7443 can attempt user enumeration or brute force the login endpoint.
How can I fix CVE-2021-22003?
To fix CVE-2021-22003, apply the necessary security updates provided by VMware.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/vmware
- canonical/vmware identity manager
- version/vmware identity manager/3.3.2
- version/vmware identity manager/3.3.3
- version/vmware identity manager/3.3.4
- version/vmware identity manager/3.3.5
- canonical/vmware workspace one access
- version/vmware workspace one access/20.01
- version/vmware workspace one access/20.10
- version/vmware workspace one access/20.10.01
- vendor/linux
- canonical/linux linux kernel
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- version/vmware cloud foundation/4.0.1
- version/vmware cloud foundation/4.1
- version/vmware cloud foundation/4.1.0.1
- version/vmware cloud foundation/4.2.1
- canonical/vmware vrealize suite lifecycle manager
- version/vmware vrealize suite lifecycle manager/8.0
- version/vmware vrealize suite lifecycle manager/8.0.1
- version/vmware vrealize suite lifecycle manager/8.1
- version/vmware vrealize suite lifecycle manager/8.2