Vulnerabilities > CVE-2021-22054 - Server-Side Request Forgery (SSRF) vulnerability in VMWare Workspace ONE UEM Console

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-918

NVD

Published: 2021-12-17

Updated: 2021-12-22

Summary

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workspace ONE UEM Console * Vmware Workspace ONE UEM Console 21.5.0.0 Vmware Workspace ONE UEM Console 21.5.0.2 Vmware Workspace ONE UEM Console 21.2.0.0 Vmware Workspace ONE UEM Console 21.2.0.14 Vmware Workspace ONE UEM Console 20.11.0.0 Vmware Workspace ONE UEM Console 20.11.0.30	7

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.vmware.com/security/advisories/VMSA-2021-0029.html