{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T04:40:01.821","vulnerabilities":[{"cve":{"id":"CVE-2021-22002","sourceIdentifier":"security@vmware.com","published":"2021-08-31T22:15:08.320","lastModified":"2024-11-21T05:49:25.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."},{"lang":"es","value":"VMware Workspace ONE Access y Identity Manager, permiten el acceso a la aplicación web /cfg y a los endpoints de diagnóstico, en el puerto 8443, por medio del puerto 443 usando un encabezado de host personalizado. Un actor malicioso con acceso de red al puerto 443 podría manipular los encabezados de host para facilitar el acceso a la aplicación web /cfg, además, un actor malicioso podría acceder a los endpoints de diagnóstico /cfg sin autenticación"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"22BC2D96-5922-4995-B006-1BAB5FE51D93"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"97D98937-489B-4AA5-B99E-9AB639C582CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0E93CB5E-CB4A-474A-9901-2E098928C489"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:identity_manager:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"2A215A7D-F644-41DE-AB4E-69145DA48F9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workspace_one_access:20.01:*:*:*:*:*:*:*","matchCriteriaId":"FFFD453B-7658-4FDA-BA4D-B13681F51724"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workspace_one_access:20.10:*:*:*:*:*:*:*","matchCriteriaId":"EDC57F3A-E726-4EE5-924D-9C94FED4718D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workspace_one_access:20.10.01:*:*:*:*:*:*:*","matchCriteriaId":"6C2F7CB4-8425-4D9F-97FC-AD96D9ABC202"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*","matchCriteriaId":"38EB0C0C-56CF-4A8F-A36F-E0E180B9059E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A54544F5-5929-4609-A91C-FCA0FDBFE862"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:4.1:*:*:*:*:*:*:*","matchCriteriaId":"CA6D6348-E71A-4DA4-AC84-51397B2461A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:4.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C8EC0B43-8667-45D6-BF97-03DDFFAD2AF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"DC4C5700-1AFE-49F6-AC92-09F2349345ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"E3318D91-40AC-4649-8FCD-4557C8F934B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A06C29AB-1EAF-43EF-96C3-9E3468911B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*","matchCriteriaId":"43723EC2-295E-4AF7-B654-70F9E42F4807"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*","matchCriteriaId":"CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0016.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}