CVE-2021-22155
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.
Una vulnerabilidad de omisión de autenticación en el componente SAML Authentication de BlackBerry Workspaces Server (implementado con Appliance-X) versiones(s) 10.1, 9.1 y anteriores, podría permitir a un atacante conseguir acceso a la aplicación en el contexto de la cuenta del usuario objetivo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-05-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.blackberry.com/kb/articleDetail?articleNumber=000078926 | 2022-06-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Blackberry Search vendor "Blackberry" | Workspaces Server Search vendor "Blackberry" for product "Workspaces Server" | <= 9.1 Search vendor "Blackberry" for product "Workspaces Server" and version " <= 9.1" | - |
Affected
| ||||||
| Blackberry Search vendor "Blackberry" | Workspaces Server Search vendor "Blackberry" for product "Workspaces Server" | 10.1 Search vendor "Blackberry" for product "Workspaces Server" and version "10.1" | - |
Affected
| ||||||