#VU55616 Unprotected primary channel in VMware Workspace One Access - CVE-2021-22003


Vulnerability identifier: #VU55616

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-22003

CWE-ID: CWE-419

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workspace One Access
Operating systems & Components / Operating system package or component

Vendor: VMware, Inc

Description
undefined

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Workspace One Access: 20.01 - 20.10.01

External links
https://www.vmware.com/security/advisories/VMSA-2021-0016.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell EMC Enterprise Hybrid Cloud update for VMware products
Multiple vulnerabilities in vRealize Suite Lifecycle Manager
Multiple vulnerabilities in VMware Cloud Foundation (vIDM)
Multiple vulnerabilities in VMware Identity Manager (vIDM)
Multiple vulnerabilities in VMware Workspace One Access