During an advisory meeting, VMware warned that a malicious actor with network access to port 443 can compromise host headers. This facilitates access to the /cfg web app, and a malicious actor could also access /cfg diagnostic endpoints without authentication. The threat exists because VMware Workspace ONE Access and Identity Manager allow access to the /cfg web app and diagnostic endpoints via port 443 using a custom header.
The latest patch from VMware covers CVE-2021-22003, a security vulnerability in which a login interface is unintentionally provided on port 7443.
To Read More: SecurityWeek