CVE-2021-22054

Published: 17/12/2021 Updated: 22/12/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

VMware Workspace ONE UEM console 20.0.8 before 20.0.8.37, 20.11.0 before 20.11.0.40, 21.2.0 before 21.2.0.27, and 21.5.0 before 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Vulnerable Product

vmware workspace one uem console

Github Repositories

Generate SSRF payloads

CVE-2021-22054
Generate SSRF payloads

References
blog.assetnote.io/2022/04/27/advisory-vmware-workspace-one-uem/
blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/

Examples
# generate POC
python3 ssrf.py --url target.com --url example.com --airwatch
python3 ssrf.py --url target.com --url example.com
# generate PPOC and s

Really good cybersec reading materials.

really-good-cybersec
Really good cybersec reading materials
Implementing a toy version of TLS 1.3 jvns.ca/blog/2022/03/23/a-toy-version-of-tls/
tmpout.sh tmpout.sh/2/
Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7 blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
RWCTF 4th Desperate Cat Writeup github.com/voidfyoo/rwctf-4th

Recent Articles

Over Log4j? VMware has another critical flaw for you to patch
The Register • Simon Sharwood, APAC Editor • 17 Dec 2021

Workspace ONE Unified Endpoint Management can leak info via server-side request forgery

VMware customers have probably had a busy week because more than 100 of the IT giant's products are impacted by the Log4j bug. Now they need to make another urgent patching effort, because the virty giant has identified another critical flaw in its products that it rates as requiring urgent attention. Security advisory VMSA-2021-0029, which pertains to CVE-2021-22054, describes a server-side forgery request in VMware’s Workspace ONE Unified Endpoint Management (UEM) product. The flaw is rated 9.1...