
Keiran Sampson

#37560 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2021-6847
7.5
2021-12-16
Vmware · Vmware Workspace One Access · CVE-2021-22056
**Name of the Vulnerable Software and Affected Versions**

VMware Workspace ONE Access versions 20.10 through 21.08

VMware Identity Manager versions 3.3.3 through 3.3.5

**Description**

The issue is related to insufficient validation of incoming requests, allowing a remote attacker to impact the confidentiality and integrity of protected information using specially crafted HTTP requests. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. This is a Server-Side Request Forgery (SSRF) vulnerability.

**Recommendations**

For VMware Workspace ONE Access versions 20.10 through 21.08, update to a version that contains a fix for this issue.

For VMware Identity Manager versions 3.3.3 through 3.3.5, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.