PT-2021-6848 · VMware · VMware Workspace ONE UEM Console

Published: 2021-12-16 · Updated: 2026-03-10 · CVE-2021-22054

CVSS v2.0: 9.4
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions
VMware Workspace ONE UEM versions 20.0.8 through 20.0.8.37
VMware Workspace ONE UEM versions 20.11.0 through 20.11.0.40
VMware Workspace ONE UEM versions 21.2.0 through 21.2.0.27
VMware Workspace ONE UEM versions 21.5.0 through 21.5.0.37

Description
VMware Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) issue. This allows a malicious actor with network access to UEM to send requests without authentication and potentially gain access to sensitive information. The issue stems from insufficient validation of incoming requests. An unauthenticated attacker can make arbitrary HTTP requests.

Recommendations
Update VMware Workspace ONE UEM to version 20.0.8.37 or later.
Update VMware Workspace ONE UEM to version 20.11.0.40 or later.
Update VMware Workspace ONE UEM to version 21.2.0.27 or later.
Update VMware Workspace ONE UEM to version 21.5.0.37 or later.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-02319
CVE-2021-22054

Affected Products

VMware Workspace ONE UEM Console