CVE-2021-22003
Description
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
VMware Workspace ONE Access and Identity Manager exposed a login interface on port 7443, enabling potential user enumeration or brute-force attacks if lockout policies are weak.
Vulnerability
The affected products, VMware Workspace ONE Access and Identity Manager (and related components such as vRealize Automation), unintentionally provide a login interface on TCP port 7443 [1]. This port is accessible to any network actor who can reach the server. The vulnerability affects all versions prior to the patches released in August 2021, as detailed in VMSA-2021-0016 [1].
Exploitation
A malicious actor with network access to port 7443 can attempt to enumerate valid user accounts or perform password brute-force attacks against the login endpoint [1]. The practical success of such attacks depends on the target environment's account lockout policy and password complexity requirements; if lockout thresholds are high or absent, brute-force attempts become more feasible [1]. No authentication or prior access is required for the attacker to reach the exposed endpoint.
Impact
If an attacker successfully enumerates a valid username or guesses a weak password, they could gain unauthorized access to the Workspace ONE Access or Identity Manager console [1]. This could lead to disclosure of sensitive information or further compromise within the affected VMware deployment. The CVSSv3 base score for this vulnerability is 5.3 (medium), reflecting the limited impact given typical account lockout policies [1].
Mitigation
VMware released fixed versions in August 2021 as part of VMSA-2021-0016 [1]. The advisory provides specific patch information for Workspace ONE Access, Identity Manager, vRealize Automation, and related products. Administrators should immediately apply the recommended patches or follow the workaround guidance in the advisory. No workaround other than restricting network access to port 7443 or upgrading is suggested. This CVE is not listed in the KEV catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- VMware/Workspace ONE Access and Identity Manager (source: description)
Patches
No patches discovered yet.
References
[1] www.vmware.com/security/advisories/VMSA-2021-0016.html (mitre, x_refsource_MISC)