VMware Patches Vulnerabilities in Workspace ONE Access


Two new vulnerabilities were fixed, the most severe of which is CVE-2021-22057 (CVSS score of 6.6), an authentication bypass that affects VMware Verify two-factor authentication.

By exploiting the vulnerability, a malicious actor who has gained knowledge of the first-factor authentication may provide it to obtain second-factor authentication from VMware Verify, VMware says.

Tracked as CVE-2021-22056 (CVSS score of 5.5), the second vulnerability is a server-side request forgery (SSRF) flaw that could allow an attacker with network access “to make HTTP requests to arbitrary origins and read the full response.”