Denial of Service Vulnerability in VMware Workspace ONE UEM REST API
CVE-2021-22029

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Uem Console
Vendor: CVE Published:; 31 August 2021

Summary

The VMware Workspace ONE UEM REST API is susceptible to a denial of service attack due to improper rate limiting. An attacker with access to the /API/system/admins/session endpoint may exploit this weakness to overwhelm the API, leading to service interruptions. This vulnerability underscores the importance of robust rate limiting to prevent potential abuse and maintain service availability.

Affected Version(s)

VMware Workspace ONE UEM console Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 & 2001

References

https://www.vmware.com/security/advisories/VMSA-2021-0017...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2021
Vulnerability Reserved
Jan 4, 2021