Vulnerability Description
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Workspace ONE UEM Console | >= 20.0.8.0, < 20.0.8.36 |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2021-0029.html (Patch, Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
- https://www.greynoise.io/blog/new-ssrf-exploitation-surge (Third Party Advisory)
FAQ
What is CVE-2021-22054?
CVE-2021-22054 is a vulnerability with a CVSS score of 7.5 (HIGH). VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a ...
How severe is CVE-2021-22054?
CVE-2021-22054 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-22054?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Workspace ONE UEM Console.