VMware issued a security advisory for a High-risk vulnerability that affects VMware Workspace ONE Access and Identity Manager. A second vulnerability in the same products was also addressed, along with a fix in vRealize Automation products.
An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
For the first vulnerability (CVE-2021-22002), host header tampering could lead to server-side requests to an internal, restricted service on VMware Workspace ONE Access and Identity Manager.
“A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication,” VMware stated in the advisory.
The vulnerability has a CVSSv3 base score of 8.6 (High severity).
For the second vulnerability (CVE-2021-22003), VMware Workspace ONE Access and Identity Manager could unintentionally provide a login interface on port 7443.
“A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account,” VMware noted in the advisory.
The vulnerability has a CVSSv3 base score of 3.7 (Low severity).
VMware has provided patches and workarounds to address these vulnerabilities in impacted VMware products.
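Until the patches or workarounds are applied, both issues leave traces in ordinary access logs: requests to the /cfg web app that arrive with a Host header other than the appliance's real FQDN (the tampering described for CVE-2021-22002), and repeated failed logins on port 7443 from one source (the brute-force scenario described for CVE-2021-22003). The following detection script is an added example, not VMware's code or anything from the advisory. The log line format, the hostnames, the `/login` path and the failure threshold are all constructed assumptions; adapt the parser to whatever the reverse proxy or appliance in front of these services actually writes.

```python
"""Detection helpers for host-header tampering against /cfg and for failed-login
bursts on port 7443. Added example; the log format, hosts and paths are constructed."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed access-log format: <client> <port> <method> <path> host=<Host header> <status>
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"host=(?P<host>\S+) (?P<status>\d{3})$"
)


class Request(NamedTuple):
    client: str
    port: int
    method: str
    path: str
    host: str
    status: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Request(m["client"], int(m["port"]), m["method"], m["path"],
                   m["host"].lower(), int(m["status"]))


def tampered_host_requests(lines: List[str], allowed_hosts: List[str],
                           sensitive_prefix: str = "/cfg") -> List[Request]:
    """Requests under the /cfg app whose Host header is not one of the appliance's
    expected FQDNs. A loopback address or an unrelated name here is the signature
    of the host-header tampering the advisory describes."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in lines:
        r = parse_line(line)
        if r is None:
            continue
        host_only = r.host.split(":")[0]  # drop an explicit port such as :443
        if r.path.startswith(sensitive_prefix) and host_only not in allowed:
            hits.append(r)
    return hits


def login_bruteforce_sources(lines: List[str], port: int = 7443,
                             login_path: str = "/login",  # hypothetical path, not from the advisory
                             threshold: int = 5) -> Dict[str, int]:
    """Clients with at least `threshold` failed (HTTP 401) POSTs to the login
    endpoint on the given port. Successful logins are not counted."""
    failures: Counter = Counter()
    for line in lines:
        r = parse_line(line)
        if r is None:
            continue
        if r.port == port and r.method == "POST" and r.path == login_path and r.status == 401:
            failures[r.client] += 1
    return {client: n for client, n in failures.items() if n >= threshold}


# Constructed sample log: two tampered /cfg requests, one legitimate /cfg request,
# one client hammering the port 7443 login and one client with a single typo.
SAMPLE_LOG = [
    "203.0.113.7 443 GET /cfg/diagnostics host=evil.invalid 200",
    "203.0.113.7 443 GET /cfg/ host=127.0.0.1 200",
    "198.51.100.2 443 GET /cfg/ host=idm.example.test:443 200",
    "198.51.100.2 443 GET / host=idm.example.test 200",
    *["203.0.113.9 7443 POST /login host=idm.example.test 401"] * 6,
    "198.51.100.3 7443 POST /login host=idm.example.test 401",
    "198.51.100.3 7443 POST /login host=idm.example.test 200",
    "not a log line at all",
]

if __name__ == "__main__":
    for r in tampered_host_requests(SAMPLE_LOG, ["idm.example.test"]):
        print(f"host-header tampering: {r.client} -> {r.path} with Host {r.host}")
    for client, n in login_bruteforce_sources(SAMPLE_LOG).items():
        print(f"login brute force: {client} had {n} failures on 7443")
```

The Host check is deliberately an allowlist rather than a denylist: any value that is not one of the appliance's own names is suspicious for the /cfg app, whether it is a loopback address, an internal hostname or something unrelated. The 7443 rule only counts 401 responses, so a legitimate user who mistypes once does not trip it; the advisory's own caveat that practicality depends on lockout policy and password complexity is a reason to pair this detection with a reasonable lockout threshold rather than rely on either alone.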