VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product.
CVE-2021-22057 is the rascal behind this issue and is rated 6.6/10. VMware Verify is part of the wider VMware Workspace ONE Access product, now available in version 21.08.0.1 to fix this bug and a 5.5-rated Server Side Request Forgery that can allow a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response
News of the two new flaws in WorkspaceONE came a day after VMware warned of a critical-rated flaw in the suite.