CVE-2021-22002 - VMware Workspace ONE Access and Identity Manager Host Header Injection and Unauthenticated Diagnostic Endpoint Exposure - Mehmet Ince @mdisec - Vulnerability Researcher | Building security products | Security Advisor

Description

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

Vulnerability Information

Product / Framework: Vmware
Vendor Domain: vmware.com
Vulnerability Type: Authorization Bypass
CVE Details: View Full CVE Details →

CVE-2021-22002 – VMware Workspace ONE Access and Identity Manager Host Header Injection and Unauthenticated Diagnostic Endpoint Exposure

Description

Vulnerability Information

You may also enjoy…

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

The Chessboard of Security: Insights on Product Development and Vulnerabilities from a Hacker Perspective

Digital Cosmos: A Journey Through the Galaxy of Vulnerabilities

CVE-2021-3825 | LiderAhenk 0day – All your PARDUS Clients Belongs To Me