March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
December 21, 2021
Rewterz Threat Advisory – CVE-2021-41260 – Mozilla Thunderbird Vulnerability
December 21, 2021
Rewterz Threat Advisory – Multiple Apache Vulnerabilities
December 21, 2021
Rewterz Threat Advisory – CVE-2021-41260 – Mozilla Thunderbird Vulnerability
December 21, 2021
Severity
High
Analysis Summary
CVE-2021-22057
VMware Workspace ONE Access could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially-crafted request using the first-factor authentication, an attacker could exploit this vulnerability to obtain second-factor authentication provided by VMware Verify.
CVE-2021-22056
VMware Workspace ONE Access and Identity Manager are vulnerable to server-side request forgery, caused by an unspecified flaw. By sending specially-crafted HTTP requests to arbitrary origins, an attacker could exploit this vulnerability to read the full response..
Impact
- Security Bypass
- Unauthorized Access
Affected Vendors
VMware
Affected Products
- VMware Access 21.08
- VMware Access 20.10.0.1
- VMware Access 20.10
- VMware Cloud Foundation 3.0
- VMware Cloud Foundation 4.0
- VMware vIDM 3.3.5
- VMware vIDM 3.3.4
- VMware vRealize Automation 7.6
- VMware vRealize Suite Lifecycle Manager 8.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.