PT-2021-6852 · VMware · VMware Workspace ONE Access

Published: 2021-12-16 · Updated: 2022-11-03 · CVE-2021-22057

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware Workspace ONE Access versions 20.10 through 21.08

Description

The issue is related to an authentication bypass vulnerability in the VMware Verify component of the Workspace ONE Access platform. This vulnerability is associated with weaknesses in the authentication procedure. A malicious actor who has successfully provided first-factor authentication may be able to obtain second-factor authentication provided by VMware Verify, potentially allowing a remote attacker to disclose protected information.

Recommendations

For versions 20.10 through 21.08, consider temporarily disabling the VMware Verify component for second-factor authentication until a patch is available. Restrict access to the Workspace ONE Access platform to minimize the risk of exploitation. Avoid relying solely on the affected authentication mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-02327
CVE-2021-22057

Affected Products

VMware Verify
VMware Workspace ONE Access