Vulnerabilities > CVE-2021-22056 - Server-Side Request Forgery (SSRF) vulnerability in VMWare products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-918

NVD

Published: 2021-12-20

Updated: 2022-01-03

Summary

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Identity Manager 3.3.3 Vmware Identity Manager 3.3.4 Vmware Identity Manager 3.3.5 Vmware Vrealize Automation 8.0 Vmware Vrealize Automation 8.1 Vmware Vrealize Automation 8.2 Vmware Vrealize Automation 8.3 Vmware Vrealize Automation 8.4 Vmware Vrealize Automation 8.5 Vmware Vrealize Automation 7.6 Vmware Workspace ONE Access 20.10 Vmware Workspace ONE Access 20.10.01 Vmware Workspace ONE Access 21.08 Vmware Workspace ONE Access 21.08.01	14
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.vmware.com/security/advisories/VMSA-2021-0030.html