Denial of Service Vulnerability in VMware Workspace ONE UEM REST API
CVE-2021-22029
7.5HIGH
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 31 August 2021
Summary
The VMware Workspace ONE UEM REST API is susceptible to a denial of service attack due to improper rate limiting. An attacker with access to the /API/system/admins/session endpoint may exploit this weakness to overwhelm the API, leading to service interruptions. This vulnerability underscores the importance of robust rate limiting to prevent potential abuse and maintain service availability.
Affected Version(s)
VMware Workspace ONE UEM console Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 & 2001
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved