CVE-2021-22056 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Vmware	Identity Manager Vrealize Automation Workspace One Access

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2021-0030.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "VMware Workspace ONE Access and Identity Manager", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3"}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."}], "problemTypes": [{"descriptions": [{"description": "VMware Workspace Access and Identity Manager patches SSRF vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-20T20:08:27", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-22056", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Workspace ONE Access and Identity Manager", "version": {"version_data": [{"version_value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "VMware Workspace Access and Identity Manager patches SSRF vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.964Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-22056", "datePublished": "2021-12-20T20:08:27", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.964Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : VMware Workspace ONE Access and Identity Manager (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : VMware Workspace Access and Identity Manager patches SSRF vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-20T20:08:27 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2021-22056 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : VMware Workspace ONE Access and Identity Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : VMware Workspace Access and Identity Manager patches SSRF vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

refsource : MISC (string)

url : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:30:23.964Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2021-22056 (string)

datePublished : 2021-12-20T20:08:27 (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T18:30:23.964Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E93CB5E-CB4A-474A-9901-2E098928C489", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A215A7D-F644-41DE-AB4E-69145DA48F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F5937FC-B5FF-432C-9120-7138D0FD7665", "versionEndIncluding": "8.6", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "471BB5AF-3744-45FE-937D-BBEC421035EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*", "matchCriteriaId": "EDC57F3A-E726-4EE5-924D-9C94FED4718D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*", "matchCriteriaId": "6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08:*:*:*:*:*:*:*", "matchCriteriaId": "A6D31E45-25F5-4842-98FD-2CD68D2C786B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_access:21.08.01:*:*:*:*:*:*:*", "matchCriteriaId": "90BB4A84-0BE5-4228-AB80-33E04B7716C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response."}, {"lang": "es", "value": "VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a or\u00edgenes arbitrarios y leer la respuesta completa"}], "id": "CVE-2021-22056", "lastModified": "2024-11-21T05:49:30.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-20T21:15:07.960", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0030.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 97D98937-489B-4AA5-B99E-9AB639C582CA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E93CB5E-CB4A-474A-9901-2E098928C489 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A215A7D-F644-41DE-AB4E-69145DA48F9F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F5937FC-B5FF-432C-9120-7138D0FD7665 (string)

versionEndIncluding : 8.6 (string)

versionStartIncluding : 8.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 471BB5AF-3744-45FE-937D-BBEC421035EB (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:* (string)

matchCriteriaId : EDC57F3A-E726-4EE5-924D-9C94FED4718D (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:21.08:*:*:*:*:*:*:* (string)

matchCriteriaId : A6D31E45-25F5-4842-98FD-2CD68D2C786B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:vmware:workspace_one_access:21.08.01:*:*:*:*:*:*:* (string)

matchCriteriaId : 90BB4A84-0BE5-4228-AB80-33E04B7716C3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 703AF700-7A70-47E2-BC3A-7FD03B3CA9C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. (string)

}

1 : { »

lang : es (string)

value : VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a orígenes arbitrarios y leer la respuesta completa (string)

}

]

id : CVE-2021-22056 (string)

lastModified : 2024-11-21T05:49:30.793 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-20T21:15:07.960 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0030.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-918 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object