CVE-2021-22054
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware Workspace ONE UEM console | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37. | affected |
Weaknesses
- VMware Workspace ONE UEM console patches SSRF vulnerability
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
- https://www.greynoise.io/blog/new-ssrf-exploitation-surge
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.