Workspace One Access
CVE-2021-22057
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.
AnalysisAI
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify. Affected products include: Vmware Workspace One Access.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Workspace One Access
View allVMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability aff
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be a
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vul
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high sev
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severit
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today