VMware Workspace ONE Access could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially-crafted request using the first-factor authentication, an attacker could exploit this vulnerability to obtain second-factor authentication provided by VMware Verify.
VMware Workspace ONE Access and Identity Manager are vulnerable to server-side request forgery, caused by an unspecified flaw. By sending specially-crafted HTTP requests to arbitrary origins, an attacker could exploit this vulnerability to read the full response..
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.