VMWare.Workspace.ONE.UEM.Console.SSRF

Description

This indicates an attack attempt to exploit a Server-Side Request Forgery vulnerability in VMware Workspace ONE UEM Console.
The vulnerability is due to a hard-coded encryption key in the vulnerable application. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. Successful exploitation leads to the disclosure of information that may be used to facilitate further compromise.

Affected Products

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37
VMware Workspace ONE UEM console 20.11.0 prior to 20.11.0.40
VMware Workspace ONE UEM console 21.2.0 prior to 21.2.0.27
VMware Workspace ONE UEM console 21.5.0 prior to 21.5.0.37
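
To triage an inventory against the builds listed above, the following added example (not part of the original advisory) classifies console version strings. The hostnames and sample versions are constructed, and a branch not listed on this page, or a version without a build number, is reported as unknown rather than assumed safe.

```python
# First fixed build for each affected branch, copied from the list above.
FIXED_BUILDS = {
    (20, 0, 8): 37,
    (20, 11, 0): 40,
    (21, 2, 0): 27,
    (21, 5, 0): 37,
}


def classify(version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for a console version string."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"  # empty or non-numeric component
    if len(parts) != 4:
        return "unknown"  # no build number: cannot compare against the fixed build
    branch, build = parts[:3], parts[3]
    if branch not in FIXED_BUILDS:
        return "unknown"  # branch not listed on this page: check the vendor advisory
    return "vulnerable" if build < FIXED_BUILDS[branch] else "patched"


def triage(inventory: dict) -> dict:
    """Group hostnames by classification, preserving inventory order."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "uem-console-01": "20.0.8.36",
    "uem-console-02": "20.0.8.37",
    "uem-console-03": "21.5.0.12",
    "uem-console-04": "20.11.0",
    "uem-console-05": "22.3.0.1",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check against the vendor advisory.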

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2021-0029.html

Version Updates

Date Version Detail
2022-10-19 0.00331

CVE References

CVE-2021-22054