Improper Authentication in VMware Workspace One Access

#VU59055 Improper Authentication in VMware Workspace One Access

Published: 2021-12-20

Vulnerability identifier: #VU59055

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22057

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workspace One Access
Operating systems & Components / Operating system package or component

Vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing 2FA authentication. A remote attacker can obtain the second-factor authentication provided by VMware Verify and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Workspace One Access: 20.10.0.0 - 21.08.0.1

External links
http://www.vmware.com/security/advisories/VMSA-2021-0030.html
http://kb.vmware.com/s/article/87183

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

2FA bypass in vRealize Suite Lifecycle Manager (vIDM)

Multiple vulnerabilities in VMware Workspace ONE Access