← Volver a CVEs
CVE-2021-22054
HIGHCISA KEV7.5
Descripcion
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/17/2021
Ultima modificacion3/10/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorOmnissa
ProductoWorkspace One UEM
Nombre vulnerabilidadOmnissa Workspace ONE Server-Side Request Forgery
Fecha inclusion KEV2026-03-09
Fecha limite remediacion2026-03-23
Uso en ransomwareUnknown
Productos afectados
vmware:workspace_one_uem_console
Debilidades (CWE)
CWE-918CWE-918
Referencias
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.greynoise.io/blog/new-ssrf-exploitation-surge(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.