cve-2021-22056
Vulnerability from cvelistv5
Published
2021-12-20 20:08
Modified
2024-08-03 18:30
Severity ?
EPSS score ?
Summary
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
References
▼ | URL | Tags | |
---|---|---|---|
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2021-0030.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2021-0030.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | VMware Workspace ONE Access and Identity Manager |
Version: VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:30:23.964Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0030.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware Workspace ONE Access and Identity Manager", vendor: "n/a", versions: [ { status: "affected", version: "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3", }, ], }, ], descriptions: [ { lang: "en", value: "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.", }, ], problemTypes: [ { descriptions: [ { description: "VMware Workspace Access and Identity Manager patches SSRF vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-20T20:08:27", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.vmware.com/security/advisories/VMSA-2021-0030.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2021-22056", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "VMware Workspace ONE Access and Identity Manager", version: { version_data: [ { version_value: "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "VMware Workspace Access and Identity Manager patches SSRF vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.vmware.com/security/advisories/VMSA-2021-0030.html", refsource: "MISC", url: "https://www.vmware.com/security/advisories/VMSA-2021-0030.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2021-22056", datePublished: "2021-12-20T20:08:27", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-08-03T18:30:23.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97D98937-489B-4AA5-B99E-9AB639C582CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E93CB5E-CB4A-474A-9901-2E098928C489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A215A7D-F644-41DE-AB4E-69145DA48F9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0\", \"versionEndIncluding\": \"8.6\", \"matchCriteriaId\": \"3F5937FC-B5FF-432C-9120-7138D0FD7665\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"471BB5AF-3744-45FE-937D-BBEC421035EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDC57F3A-E726-4EE5-924D-9C94FED4718D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_access:21.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6D31E45-25F5-4842-98FD-2CD68D2C786B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workspace_one_access:21.08.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90BB4A84-0BE5-4228-AB80-33E04B7716C3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.\"}, {\"lang\": \"es\", \"value\": \"VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a or\\u00edgenes arbitrarios y leer la respuesta completa\"}]", id: "CVE-2021-22056", lastModified: "2024-11-21T05:49:30.793", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2021-12-20T21:15:07.960", references: "[{\"url\": \"https://www.vmware.com/security/advisories/VMSA-2021-0030.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2021-0030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]", sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2021-22056\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2021-12-20T21:15:07.960\",\"lastModified\":\"2024-11-21T05:49:30.793\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.\"},{\"lang\":\"es\",\"value\":\"VMware Workspace ONE Access versiones 21.08, 20.10.0.1 y 20.10 y Identity Manager versiones 3.3.5, 3.3.4 y 3.3.3, contienen una vulnerabilidad de tipo SSRF. Un actor malicioso con acceso a la red puede ser capaz de realizar peticiones HTTP a orígenes arbitrarios y leer la respuesta completa\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97D98937-489B-4AA5-B99E-9AB639C582CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E93CB5E-CB4A-474A-9901-2E098928C489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A215A7D-F644-41DE-AB4E-69145DA48F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndIncluding\":\"8.6\",\"matchCriteriaId\":\"3F5937FC-B5FF-432C-9120-7138D0FD7665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vrealize_automation:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"471BB5AF-3744-45FE-937D-BBEC421035EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDC57F3A-E726-4EE5-924D-9C94FED4718D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:21.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6D31E45-25F5-4842-98FD-2CD68D2C786B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workspace_one_access:21.08.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90BB4A84-0BE5-4228-AB80-33E04B7716C3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2021-0030.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2021-0030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.