VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0016.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-08-31T21:02:21
Updated: 2021-08-31T21:02:21
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22002
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-31T22:15:08.320
Modified: 2021-09-09T13:58:28.360
Link: CVE-2021-22002
JSON object: View
Redhat Information
No data.
CWE