PT-2021-3249 · Vmware · Vmware Workspace One Uem
Lauritz Holtmann +1 · Published 2021-05-11 · Updated 2022-06-05 · CVE-2021-21990
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
VMware Workspace One versions 20.1.0.0 through 20.1.0.31
VMware Workspace One versions 20.3.0.0 through 20.3.0.22
VMware Workspace One versions 20.4.0.0 through 20.4.0.20
VMware Workspace One versions 20.5.0.0 through 20.5.0.45
VMware Workspace One versions 20.6.0.0 through 20.6.0.18
VMware Workspace One versions 20.7.0.0 through 20.7.0.13
VMware Workspace One versions 20.8.0.0 through 20.8.0.27
VMware Workspace One versions 20.10.0.0 through 20.10.0.15
VMware Workspace One versions 20.11.0.0 through 20.11.0.26
VMware Workspace One versions 21.1.0.0 through 21.1.0.13
VMware Workspace One versions 21.2.0.0 through 21.2.0.7
Description
The issue is a cross-site scripting (XSS) vulnerability in the VMware Workspace One UEM console, caused by insufficient protection of the web page structure. The console does not validate incoming requests during device enrollment, so unsanitized input is rendered on the user's device in the response. A remote attacker can use this to impact the confidentiality and integrity of protected information.
Recommendations
For versions 20.1.0.0 through 20.1.0.31, update to version 20.1.0.32 or later.
For versions 20.3.0.0 through 20.3.0.22, update to version 20.3.0.23 or later.
For versions 20.4.0.0 through 20.4.0.20, update to version 20.4.0.21 or later.
For versions 20.5.0.0 through 20.5.0.45, update to version 20.5.0.46 or later.
For versions 20.6.0.0 through 20.6.0.18, update to version 20.6.0.19 or later.
For versions 20.7.0.0 through 20.7.0.13, update to version 20.7.0.14 or later.
For versions 20.8.0.0 through 20.8.0.27, update to version 20.8.0.28 or later.
For versions 20.10.0.0 through 20.10.0.15, update to version 20.10.0.16 or later.
For versions 20.11.0.0 through 20.11.0.26, update to version 20.11.0.27 or later.
For versions 21.1.0.0 through 21.1.0.13, update to version 21.1.0.14 or later.
For versions 21.2.0.0 through 21.2.0.7, update to version 21.2.0.8 or later.
Exploit
Fix
XSS
Affected Products
Vmware Workspace One Uem