VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0016.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Information
Published : 2021-08-31 15:15
Updated : 2021-09-09 05:58
NVD link : CVE-2021-22003
Mitre link : CVE-2021-22003
JSON object : View
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts
Products Affected
vmware
- cloud_foundation
- workspace_one_access
- identity_manager
- vrealize_suite_lifecycle_manager
linux
- linux_kernel