← Voltar para CVEs
CVE-2021-22054
HIGHCISA KEV7.5
Descricao
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/17/2021
Ultima modificacao3/10/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorOmnissa
ProdutoWorkspace One UEM
Nome da vulnerabilidadeOmnissa Workspace ONE Server-Side Request Forgery
Data inclusao KEV2026-03-09
Prazo de remediacao2026-03-23
Uso em ransomwareUnknown
Produtos afetados
vmware:workspace_one_uem_console
Fraquezas (CWE)
CWE-918CWE-918
Referencias
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2021-0029.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.greynoise.io/blog/new-ssrf-exploitation-surge(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.