Vulnerabilities > CVE-2021-22155 - Incorrect Authorization vulnerability in Blackberry Workspaces Server

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

blackberry

CWE-863

NVD

Published: 2021-05-13

Updated: 2021-06-01

Summary

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.

Vulnerable Configurations

Part	Description	Count
Application	Blackberry Blackberry Workspaces Server 10.1 Blackberry Workspaces Server - Blackberry Workspaces Server 7.0.1 Blackberry Workspaces Server 7.1.2 Blackberry Workspaces Server 7.1.3 Blackberry Workspaces Server 8.0.0 Blackberry Workspaces Server 8.0.1 Blackberry Workspaces Server 8.0.2 Blackberry Workspaces Server 8.0.3 Blackberry Workspaces Server 8.0.4 Blackberry Workspaces Server 8.1.0 Blackberry Workspaces Server 8.2.6 Blackberry Workspaces Server 9.0 Blackberry Workspaces Server 9.1	14

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.blackberry.com/kb/articleDetail?articleNumber=000078926