Denial of Service Vulnerability in VMware Workspace ONE UEM REST API
CVE-2021-22029

7.5HIGH

Key Information:

Vendor
Vmware
Vendor
CVE Published:
31 August 2021

Summary

The VMware Workspace ONE UEM REST API is susceptible to a denial of service attack due to improper rate limiting. An attacker with access to the /API/system/admins/session endpoint may exploit this weakness to overwhelm the API, leading to service interruptions. This vulnerability underscores the importance of robust rate limiting to prevent potential abuse and maintain service availability.

Affected Version(s)

VMware Workspace ONE UEM console Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 & 2001

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.