SSRF Vulnerability in VMware Workspace ONE Access and Identity Manager
CVE-2021-22056

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Workspace One Access And Identity Manager
Vendor: CVE Published:; 20 December 2021

Summary

VMware Workspace ONE Access and Identity Manager are susceptible to a Server Side Request Forgery (SSRF) vulnerability, which allows an attacker with network access to send crafted HTTP requests to arbitrary origins. This could enable the attacker to read the response from these requests, potentially leading to unauthorized information disclosure and further exploitation of the vulnerable system. Organizations using the affected versions should promptly apply recommended security patches to mitigate the risk.

Affected Version(s)

VMware Workspace ONE Access and Identity Manager VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3

References

https://www.vmware.com/security/advisories/VMSA-2021-0030...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Jan 4, 2021