← Back to CVEs
CVE-2021-22054
HIGHCISA KEV7.5
Description
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/17/2021
Last Modified3/10/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorOmnissa
ProductWorkspace One UEM
Vulnerability NameOmnissa Workspace ONE Server-Side Request Forgery
KEV Date Added2026-03-09
Remediation Due Date2026-03-23
Ransomware UseUnknown
Affected Products
vmware:workspace_one_uem_console
Weaknesses (CWE)
CWE-918CWE-918
References
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.greynoise.io/blog/new-ssrf-exploitation-surge(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.