CVE-2021-22003
HIGHVMware Workspace ONE Access and Identity Manager - User Enumeration and Brute Force via Port 7443 Login Interface
Title source: llmDescription
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2021-0016.html
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (16)
vmware/cloud_foundation
4.0
vmware/cloud_foundation
4.0.1
vmware/cloud_foundation
4.1
vmware/cloud_foundation
4.1.0.1
vmware/cloud_foundation
4.2.1
vmware/identity_manager
3.3.2
vmware/identity_manager
3.3.3
vmware/identity_manager
3.3.4
vmware/identity_manager
3.3.5
vmware/vrealize_suite_lifecycle_manager
8.0
... and 6 more
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026