SSRF Vulnerability in VMware Workspace ONE UEM Console
CVE-2021-22054

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Uem Console
Vendor: CVE Published:; 17 December 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 69%

Summary

VMware Workspace ONE UEM console versions prior to 20.0.8.37, 20.11.0.40, 21.2.0.27, and 21.5.0.37 are susceptible to a Server Side Request Forgery (SSRF) vulnerability. This flaw could enable an unauthorized attacker with network access to the UEM console to send malicious requests, potentially leading to access to sensitive internal information without the need for authentication. Organizations using these versions are advised to apply the necessary updates to mitigate any risks associated with this vulnerability.

Affected Version(s)

VMware Workspace ONE UEM console VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-22054
Created by MKSx

References

https://www.vmware.com/security/advisories/VMSA-2021-0029...

x_refsource_MISC

EPSS Score

69% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 3, 2022
👾
Exploit known to exist
Jun 3, 2022
Vulnerability published
Dec 17, 2021
Vulnerability Reserved
Jan 4, 2021