Poisonjuoice
Professional
- Messages
- 220
- Reaction score
- 106
- Points
- 28
- Telegram
- @poisonjuice0875
VMware recently released a security update for several products to address two critical vulnerabilities. The criticalities, identified as CVE-2021-22002 and CVE-2021-22003, affect VMware Workspace One Access, VMware Identity Manager,
VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. CVE-2021-22002 allows access to the web app and diagnostic endpoints over port 443. This vulnerability affects VMware Workspace One Access and Identity Manager. CVE-2021-22003, on the other hand, concerns the access interface on port 7443. Through this port a user could carry out a brute force attack.
For customers who cannot upgrade, VMware offers a workaround that can be independently deployed.
VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. CVE-2021-22002 allows access to the web app and diagnostic endpoints over port 443. This vulnerability affects VMware Workspace One Access and Identity Manager. CVE-2021-22003, on the other hand, concerns the access interface on port 7443. Through this port a user could carry out a brute force attack.
For customers who cannot upgrade, VMware offers a workaround that can be independently deployed.
