
VMware fixes critical SSRF flaw in Workspace ONE UEM Console


VMware has released security patches for a critical server-side request forgery (SSRF) vulnerability in the Workspace ONE UEM console.

VMware has addressed a critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-22054, in the Workspace ONE UEM console.

An attacker with network access to UEM could exploit the vulnerability to access sensitive data in the management console. An attacker can trigger the issue by sending unauthenticated requests to the vulnerable software.

“VMware Workspace ONE UEM console contains a Server Side Request Forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.” reads the analysis published by VMware. “A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.”

Below is the list of impacted versions and the patch level that fixes each one:

| Impacted Version | Fixed Version |
|---|---|
| 2109 | Workspace ONE UEM patch 21.9.0.13 and above |
| 2105 | Workspace ONE UEM patch 21.5.0.37 and above |
| 2102 | Workspace ONE UEM patch 21.2.0.27 and above |
| 2101 | Workspace ONE UEM patch 21.1.0.27 and above |
| 2011 | Workspace ONE UEM patch 20.11.0.40 and above |
| 2010 | Workspace ONE UEM patch 20.10.0.23 and above |
| 2008 | Workspace ONE UEM patch 20.8.0.36 and above |
| 2007 | Workspace ONE UEM patch 20.7.0.17 and above |

The virtualization giant has rated the issue as Critical and assigned it a CVSSv3 base score of 9.1. The SSRF vulnerability in the Workspace ONE UEM console was privately reported to the company, which released security patches and workarounds.

The company fixed the issue with the release of VMware Workspace ONE UEM console versions 21.5.0.37, 21.2.0.27, 20.11.0.40, and 20.8.0.36. VMware Workspace ONE UEM patch 21.9.0.13 and above also fixes the vulnerability.
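For an on-premise fleet, the practical question is whether each console build is at or above the fixed patch level for its branch. The following check is an added example, not code from the article or from VMware: the fixed build numbers are the ones in the table above, while the mapping from a dotted build (21.9.x.y) to its branch name ("2109") is an assumption about VMware's numbering.

```python
"""Check whether a Workspace ONE UEM console build is patched for CVE-2021-22054.

Added example; the fixed build numbers come from the advisory table, the
branch derivation (21.9.x.y -> "2109") is an assumption.
"""
from typing import Tuple

# Minimum fixed patch level per release branch (from the advisory table).
FIXED_PATCH = {
    "2109": "21.9.0.13",
    "2105": "21.5.0.37",
    "2102": "21.2.0.27",
    "2101": "21.1.0.27",
    "2011": "20.11.0.40",
    "2010": "20.10.0.23",
    "2008": "20.8.0.36",
    "2007": "20.7.0.17",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '21.9.0.13' into (21, 9, 0, 13); reject anything that is not dotted integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"not a dotted build number: {text!r}")
    return parts


def branch_of(version: Tuple[int, ...]) -> str:
    """Map a build to its release branch, e.g. (21, 9, 0, 13) -> '2109' (assumed scheme)."""
    return f"{version[0]:02d}{version[1]:02d}"


def assess(build: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one console build."""
    version = parse_version(build)
    fixed = FIXED_PATCH.get(branch_of(version))
    if fixed is None:
        # Branch not listed in the advisory: flag for manual review rather
        # than silently treating it as safe.
        return "unknown-branch"
    # Tuple comparison handles the four-part build numbers element by element;
    # a build that omits trailing components sorts below the fixed level.
    return "patched" if version >= parse_version(fixed) else "vulnerable"
```

Builds that report only a short version string (for example "21.9") sort below the fixed level and are reported as vulnerable, which is the safe default for an inventory pass.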

The company also shared the following required actions in its guidance for addressing CVE-2021-22054 (87167):

Shared and Dedicated SaaS: None. The issue has been mitigated across all SaaS environments through infrastructure changes, which will remain in place until VMware Cloud Operations has deployed the necessary patches. Please subscribe to this article to be notified when updates are available.
On-premise: Deploy the patch associated with the supported version of Workspace ONE UEM that your environment is on. Alternatively, you may implement the short-term mitigation noted below.


Pierluigi Paganini

(SecurityAffairs – hacking, VMware Workspace ONE UEM)
