PT-2021-6847 · Vmware · Vmware Workspace One Access+1

Keiran Sampson +1 · Published 2021-12-16 · Updated 2022-01-19 · CVE-2021-22056

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VMware Workspace ONE Access versions 20.10 through 21.08
VMware Identity Manager versions 3.3.3 through 3.3.5

Description

The issue is related to insufficient validation of incoming requests, allowing a remote attacker to impact the confidentiality and integrity of protected information using specially crafted HTTP requests. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response. This is a Server-Side Request Forgery (SSRF) vulnerability.

Recommendations

For VMware Workspace ONE Access versions 20.10 through 21.08, update to a version that contains a fix for this issue. For VMware Identity Manager versions 3.3.3 through 3.3.5, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2022-02318
CVE-2021-22056

Affected Products

Vmware Identity Manager
Vmware Workspace One Access