CVE-2021-22002 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Vmware	Cloud Foundation Identity Manager Vrealize Suite Lifecycle Manager Workspace One Access

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2021-0016.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "VMware Workspace ONE Access, Identity Manager and vRealize Automation", "vendor": "n/a", "versions": [{"status": "affected", "version": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6."}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."}], "problemTypes": [{"descriptions": [{"description": "Host header vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T21:02:21", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-22002", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation", "version": {"version_data": [{"version_value": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Host header vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-22002", "datePublished": "2021-08-31T21:02:21", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : VMware Workspace ONE Access, Identity Manager and vRealize Automation (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6. (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Host header vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-08-31T21:02:21 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2021-22002 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : VMware Workspace ONE Access, Identity Manager and vRealize Automation (string)

version : { »

version_data : [ »

0 : { »

version_value : Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6. (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Host header vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

refsource : MISC (string)

url : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:30:23.707Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2021-22002 (string)

datePublished : 2021-08-31T21:02:21 (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T18:30:23.707Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:*", "matchCriteriaId": "FFFD453B-7658-4FDA-BA4D-B13681F51724", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57F3A-E726-4EE5-924D-9C94FED4718D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*", "matchCriteriaId": "6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA6D6348-E71A-4DA4-AC84-51397B2461A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC4C5700-1AFE-49F6-AC92-09F2349345ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."}, {"lang": "es", "value": "VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicaci\u00f3n web /cfg y a los endpoints de diagn\u00f3stico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podr\u00eda manipular los encabezados de host para facilitar el acceso a la aplicaci\u00f3n web /cfg, adem\u00e1s, un actor malicioso podr\u00eda acceder a los endpoints de diagn\u00f3stico /cfg sin autenticaci\u00f3n"}], "id": "CVE-2021-22002", "lastModified": "2024-11-21T05:49:25.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-31T22:15:08.320", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 22BC2D96-5922-4995-B006-1BAB5FE51D93 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 97D98937-489B-4AA5-B99E-9AB639C582CA (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E93CB5E-CB4A-474A-9901-2E098928C489 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A215A7D-F644-41DE-AB4E-69145DA48F9F (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:* (string)

matchCriteriaId : FFFD453B-7658-4FDA-BA4D-B13681F51724 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:* (string)

matchCriteriaId : EDC57F3A-E726-4EE5-924D-9C94FED4718D (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 703AF700-7A70-47E2-BC3A-7FD03B3CA9C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 38EB0C0C-56CF-4A8F-A36F-E0E180B9059E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A54544F5-5929-4609-A91C-FCA0FDBFE862 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : CA6D6348-E71A-4DA4-AC84-51397B2461A2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : DC4C5700-1AFE-49F6-AC92-09F2349345ED (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E3318D91-40AC-4649-8FCD-4557C8F934B9 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A06C29AB-1EAF-43EF-96C3-9E3468911B2F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 43723EC2-295E-4AF7-B654-70F9E42F4807 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. (string)

}

1 : { »

lang : es (string)

value : VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podría manipular los encabezados de host para facilitar el acceso a la aplicación web /cfg, además, un actor malicioso podría acceder a los endpoints de diagnóstico /cfg sin autenticación (string)

}

]

id : CVE-2021-22002 (string)

lastModified : 2024-11-21T05:49:25.223 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-08-31T22:15:08.320 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0016.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object