VMware has issued security patches for several of its products to fix two vulnerabilities, the more serious of which is rated high severity and could be used to gain access to sensitive information.
The vulnerabilities affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, and are tracked as CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7).
CVE-2021-22002 concerns the way VMware Workspace One Access and Identity Manager allow the "/cfg" web app and its diagnostic endpoints to be reached through port 443: a client that tampers with the HTTP Host header can cause the server to route the request to /cfg, a server-side request that should not be reachable from that port.
VMware said in its advisory: "A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
Suleyman Bayir of Trendyol has been credited with reporting the flaw.
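The advisory describes the attack as a request arriving on port 443 for the /cfg web app with a tampered Host header. The following detection script is an added example, not code from the page, from VMware's advisory or from VMware's workaround script: it scans access-log lines and flags any request on port 443 for /cfg (or anything beneath it) whose Host header does not match the name the appliance is expected to answer to. The log format (a Combined-style line with the Host header and listening port appended), the hostname vidm.example.com and the sample log lines are assumptions constructed for this example; it does not reproduce the vulnerable behaviour, and the page does not give the diagnostic endpoint paths, so everything under /cfg is treated as sensitive.

```python
"""Flag requests to the vIDM /cfg web app that arrive on port 443 with a tampered Host header."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Hostnames the appliance legitimately answers to (assumption for this example).
EXPECTED_HOSTS = {"vidm.example.com"}

# Log format assumed for this example: Combined-style prefix, then the Host
# header and the listening port appended. This is not the appliance's native
# log format; adapt the regex to whatever your reverse proxy or SIEM records.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ host="(?P<host>[^"]*)" port=(?P<port>\d+)$'
)


@dataclass(frozen=True)
class Finding:
    client: str
    host: str
    path: str
    status: int
    reason: str


def normalize_host(raw: str) -> str:
    """Lower-case the Host value and strip any :port suffix, handling [v6] literals."""
    h = raw.strip().lower().rstrip(".")
    if h.startswith("["):                      # "[::1]:443" -> "::1"
        return h[1:h.index("]")] if "]" in h else h
    return h.rsplit(":", 1)[0] if ":" in h else h


def is_cfg_path(target: str) -> bool:
    """True for the /cfg web app and anything beneath it; the query string is ignored."""
    path = target.split("?", 1)[0]
    return path == "/cfg" or path.startswith("/cfg/")


def analyze(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per /cfg request on port 443 whose Host header is not an expected name."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                           # lines in another format are skipped
        if m["port"] != "443" or not is_cfg_path(m["target"]):
            continue
        host = normalize_host(m["host"])
        if host in EXPECTED_HOSTS:
            continue                           # legitimate name: not the tampering pattern
        status = int(m["status"])
        reason = ("/cfg reached via tampered Host header" if status < 400
                  else "/cfg probe via tampered Host header (rejected)")
        findings.append(Finding(m["ip"], host, m["target"].split("?", 1)[0], status, reason))
    return findings


# Constructed sample log lines (not real traffic). Line 2 and 3 are the pattern
# the advisory describes; line 4 uses the expected name; line 5 is on port 8443,
# which is outside the advisory's port-443 scenario; line 6 is unparseable.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Aug/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 host="vidm.example.com" port=443',
    '203.0.113.7 - - [25/Aug/2021:10:00:02 +0000] "GET /cfg/ HTTP/1.1" 200 2048 host="localhost" port=443',
    '203.0.113.7 - - [25/Aug/2021:10:00:03 +0000] "GET /cfg?ts=1 HTTP/1.1" 200 128 host="127.0.0.1:8443" port=443',
    '10.0.0.12 - - [25/Aug/2021:10:00:04 +0000] "GET /cfg/ HTTP/1.1" 403 0 host="vidm.example.com" port=443',
    '10.0.0.12 - - [25/Aug/2021:10:00:05 +0000] "GET /cfg/ HTTP/1.1" 200 2048 host="vidm.example.com" port=8443',
    'garbage line that does not parse',
]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The Host comparison is the whole check: a request for /cfg on 443 that carries the appliance's real name is ordinary traffic that the front end should already be rejecting, whereas a Host of localhost, a loopback address or an internal port is the signature of someone steering the request into the configuration app. Run it over historical logs from before the patch to see whether the endpoint was ever reached (status below 400).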
VMware also fixed CVE-2021-22003, an information disclosure vulnerability in VMware Workspace One Access and Identity Manager caused by a login interface that was inadvertently exposed on port 7443.
For users who cannot upgrade to the newest version, VMware is offering a workaround script for CVE-2021-22002 that can be applied separately without taking the vRA appliances offline. VMware said: "The workaround disables the ability to resolve the configuration page of vIDM. This endpoint is not used in vRA 7.6 environments and will not cause any impact to functionality."