1. Home
  2. CVE Database
  3. CVE-2021-22056
HIGH · 7.5

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP reque...

Vulnerability Description

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
VmwareIdentity Manager3.3.3
VmwareVrealize Automation>= 8.0, <= 8.6
VmwareWorkspace One Access20.10
LinuxLinux Kernel-

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2021-22056?

CVE-2021-22056 is a vulnerability with a CVSS score of 7.5 (HIGH). VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP reque...

How severe is CVE-2021-22056?

CVE-2021-22056 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22056?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Identity Manager, Vmware Vrealize Automation, Vmware Workspace One Access, Linux Linux Kernel.