CVE-2021-22002 (GCVE-0-2021-22002)

Vulnerability from cvelistv5 – Published: 2021-08-31 21:02 – Updated: 2024-08-03 18:30
VLAI?
Summary
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
Severity ?
No CVSS data available.
CWE
  • Host header vulnerability
Assigner
References
Impacted products
Vendor Product Version
n/a VMware Workspace ONE Access, Identity Manager and vRealize Automation Affected: Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2. vRealize Automation (vIDM) 7.6."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Host header vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-31T21:02:21",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Workspace ONE Access 20.10.01, 20.10 \u0026 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 \u0026 3.3.2. vRealize Automation (vIDM) 7.6."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Host header vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22002",
    "datePublished": "2021-08-31T21:02:21",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22002\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2021-08-31T22:15:08.320\",\"lastModified\":\"2024-11-21T05:49:25.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.\"},{\"lang\":\"es\",\"value\":\"VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicaci\u00f3n web /cfg y a los endpoints de diagn\u00f3stico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podr\u00eda manipular los encabezados de host para facilitar el acceso a la aplicaci\u00f3n web /cfg, adem\u00e1s, un actor malicioso podr\u00eda acceder a los endpoints de diagn\u00f3stico /cfg sin autenticaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BC2D96-5922-4995-B006-1BAB5FE51D93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D98937-489B-4AA5-B99E-9AB639C582CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E93CB5E-CB4A-474A-9901-2E098928C489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A215A7D-F644-41DE-AB4E-69145DA48F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFFD453B-7658-4FDA-BA4D-B13681F51724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDC57F3A-E726-4EE5-924D-9C94FED4718D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38EB0C0C-56CF-4A8F-A36F-E0E180B9059E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54544F5-5929-4609-A91C-FCA0FDBFE862\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA6D6348-E71A-4DA4-AC84-51397B2461A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4C5700-1AFE-49F6-AC92-09F2349345ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3318D91-40AC-4649-8FCD-4557C8F934B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06C29AB-1EAF-43EF-96C3-9E3468911B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43723EC2-295E-4AF7-B654-70F9E42F4807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2021-0016.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2021-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.