CVE-2021-22054

HIGHCISA KEV

7.5

Beschreibung

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/17/2021

Zuletzt geandert3/10/2026

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerOmnissa

ProduktWorkspace One UEM

SchwachstellennameOmnissa Workspace ONE Server-Side Request Forgery

KEV Aufnahmedatum2026-03-09

Behebungsfrist2026-03-23

Ransomware-NutzungUnknown

Betroffene Produkte

vmware:workspace_one_uem_console

Schwachen (CWE)

CWE-918CWE-918

Referenzen

https://www.vmware.com/security/advisories/VMSA-2021-0029.html(security@vmware.com)

https://www.vmware.com/security/advisories/VMSA-2021-0029.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.greynoise.io/blog/new-ssrf-exploitation-surge(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.