7.5
CVE-2021-22003
- EPSS 0.36%
- Published 31.08.2021 22:15:08
- Last modified 21.11.2024 05:49:25
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Identity Manager Version3.3.2
VMware ≫ Identity Manager Version3.3.3
VMware ≫ Identity Manager Version3.3.4
VMware ≫ Identity Manager Version3.3.5
VMware ≫ Workspace One Access Version20.01
VMware ≫ Workspace One Access Version20.10
VMware ≫ Workspace One Access Version20.10.01
VMware ≫ Cloud Foundation Version4.0
VMware ≫ Cloud Foundation Version4.0.1
VMware ≫ Cloud Foundation Version4.1
VMware ≫ Cloud Foundation Version4.1.0.1
VMware ≫ Cloud Foundation Version4.2.1
VMware ≫ Vrealize Suite Lifecycle Manager Version8.0
VMware ≫ Vrealize Suite Lifecycle Manager Version8.0.1
VMware ≫ Vrealize Suite Lifecycle Manager Version8.1
VMware ≫ Vrealize Suite Lifecycle Manager Version8.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.548 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.