Cross-Site Scripting Vulnerability in VMware Workspace ONE UEM Console
CVE-2021-21990
Summary
The VMware Workspace ONE UEM console fails to properly validate incoming requests during device enrollment. This flaw allows attackers to inject unsanitized input that the application renders on user devices. Successful exploitation lets malicious scripts execute in the context of a user's session, potentially leading to unauthorized access or data theft. Users of affected versions should apply the security updates and ensure proper input validation to mitigate this risk.
Affected Version(s)
VMware Workspace ONE UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16, 2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14, 2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24)
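An added example, not part of the original advisory or any VMware tooling: a Python check that classifies console version strings against the fixed builds listed above, comparing version parts numerically so that 21.2.0.10 is not mistaken for a build older than 21.2.0.8. It assumes the console reports a four-part version whose first two parts map to the release train (20.11.x.x is train 2011); the hostnames and sample versions are constructed.

```python
import re

# Fixed builds per release train, copied from the advisory's affected-version list.
FIXED = {
    "2102": "21.2.0.8", "2101": "21.1.0.14", "2011": "20.11.0.27",
    "2010": "20.10.0.16", "2008": "20.8.0.28", "2007": "20.7.0.14",
    "2006": "20.6.0.19", "2005": "20.5.0.46", "2004": "20.4.0.21",
    "2003": "20.3.0.23", "2001": "20.1.0.32", "1912": "19.12.0.24",
}

def parse(version):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", version):
        return None
    return tuple(int(part) for part in version.split("."))

def classify(version):
    """Return 'vulnerable', 'patched', 'unlisted' or 'invalid' for one console version."""
    v = parse(version)
    if v is None:
        return "invalid"
    train = f"{v[0]:02d}{v[1]:02d}"  # assumption: 20.11.x.x belongs to train 2011
    fixed = FIXED.get(train)
    if fixed is None:
        return "unlisted"  # train not named in the advisory; needs manual review
    # Tuple comparison is numeric per part, unlike a plain string comparison.
    return "vulnerable" if v < parse(fixed) else "patched"

def audit(inventory):
    """Map host -> status for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = {
    "uem-prod": "20.11.0.26",
    "uem-dr": "20.11.0.27",
    "uem-lab": "21.2.0.10",
    "uem-old": "19.7.0.5",
    "uem-bad": "21.2",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:12} {status}")
```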