Vulnerabilities > CVE-2021-22003 - Improper Restriction of Excessive Authentication Attempts vulnerability in VMWare products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-307

NVD

Published: 2021-08-31

Updated: 2021-09-09

Summary

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Identity Manager 3.3.2 Vmware Identity Manager 3.3.3 Vmware Identity Manager 3.3.4 Vmware Identity Manager 3.3.5 Vmware Workspace ONE Access 20.01 Vmware Workspace ONE Access 20.10 Vmware Workspace ONE Access 20.10.01 Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 4.1 Vmware Cloud Foundation 4.2.1 Vmware Cloud Foundation 4.1.0.1 Vmware Vrealize Suite Lifecycle Manager 8.0 Vmware Vrealize Suite Lifecycle Manager 8.0.1 Vmware Vrealize Suite Lifecycle Manager 8.1 Vmware Vrealize Suite Lifecycle Manager 8.2	16
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.vmware.com/security/advisories/VMSA-2021-0016.html