VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware identity_manager 3.3.2 |
||
vmware identity_manager 3.3.3 |
||
vmware identity_manager 3.3.4 |
||
vmware identity_manager 3.3.5 |
||
vmware workspace_one_access 20.01 |
||
vmware workspace_one_access 20.10 |
||
vmware workspace_one_access 20.10.01 |
||
vmware cloud foundation 4.0 |
||
vmware cloud foundation 4.0.1 |
||
vmware cloud foundation 4.1 |
||
vmware cloud foundation 4.1.0.1 |
||
vmware cloud foundation 4.2.1 |
||
vmware vrealize suite lifecycle manager 8.0 |
||
vmware vrealize suite lifecycle manager 8.0.1 |
||
vmware vrealize suite lifecycle manager 8.1 |
||
vmware vrealize suite lifecycle manager 8.2 |