PT-2021-3778 · Vmware · Vmware Workspace One Access+1

Published: 2021-08-05 · Updated: 2021-09-09 · CVE-2021-22003

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access and Identity Manager (affected versions not specified)

Description: The issue is related to the unintentional provision of a login interface on port 7443, which may allow a malicious actor with network access to attempt user enumeration or brute force the login endpoint. The practicality of such attempts depends on the lockout policy configuration and password complexity for the target account. Additionally, there is a concern about the transmission of data over an insecure primary channel, which could enable a remote attacker to bypass existing security restrictions using a brute force attack.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

BDU:2021-04034
CVE-2021-22003

Affected Products

Vmware Identity Manager
Vmware Workspace One Access