VMWare.Workspace.ONE.UEM.Console.SSRF
Description
This indicates an attack attempt to exploit a Server-Side Request Forgery vulnerability in VMware Workspace ONE UEM Console.
The vulnerability is due to a hard-coded encryption key in the vulnerable application. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. Successful exploitation leads to the disclosure of information that may be used to facilitate further compromise.
Affected Products
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37
VMware Workspace ONE UEM console 20.11.0 prior to 20.11.0.40
VMware Workspace ONE UEM console 21.2.0 prior to 21.2.0.27
VMware Workspace ONE UEM console 21.5.0 prior to 21.5.0.37
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2021-0029.html
Version Updates
Date | Version | Detail |
---|---|---|
2022-10-19 | 0.00331 | |