Search
Find a vulnerability
Search criteria
4 vulnerabilities found for workspace_one_uem_console by vmware
CVE-2021-22054 (GCVE-0-2021-22054)
Vulnerability from nvd – Published: 2021-12-17 16:10 – Updated: 2026-03-11 03:55Summary
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- VMware Workspace ONE UEM console patches SSRF vulnerability
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_MISC |
| https://www.greynoise.io/blog/new-ssrf-exploitati… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | VMware Workspace ONE UEM console |
Affected:
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22054",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2021-12-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:27.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.greynoise.io/blog/new-ssrf-exploitation-surge"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE UEM console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE UEM console patches SSRF vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:18.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE UEM console",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM console patches SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22054",
"datePublished": "2021-12-17T16:10:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2026-03-11T03:55:27.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-22029 (GCVE-0-2021-22029)
Vulnerability from nvd – Published: 2021-08-31 20:50 – Updated: 2024-08-03 18:30
VLAI
Summary
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
Severity
No CVSS data available.
CWE
- Denial of service vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | VMware Workspace ONE UEM console |
Affected:
Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 & 2001
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE UEM console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 \u0026 2001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T20:50:18.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE UEM console",
"version": {
"version_data": [
{
"version_value": "Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 \u0026 2001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22029",
"datePublished": "2021-08-31T20:50:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22054 (GCVE-0-2021-22054)
Vulnerability from cvelistv5 – Published: 2021-12-17 16:10 – Updated: 2026-03-11 03:55Summary
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- VMware Workspace ONE UEM console patches SSRF vulnerability
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_MISC |
| https://www.greynoise.io/blog/new-ssrf-exploitati… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | VMware Workspace ONE UEM console |
Affected:
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22054",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2021-12-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:55:27.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.greynoise.io/blog/new-ssrf-exploitation-surge"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE UEM console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "VMware Workspace ONE UEM console patches SSRF vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-17T16:10:18.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE UEM console",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM console patches SSRF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0029.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22054",
"datePublished": "2021-12-17T16:10:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2026-03-11T03:55:27.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-22029 (GCVE-0-2021-22029)
Vulnerability from cvelistv5 – Published: 2021-08-31 20:50 – Updated: 2024-08-03 18:30
VLAI
Summary
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
Severity
No CVSS data available.
CWE
- Denial of service vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | VMware Workspace ONE UEM console |
Affected:
Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 & 2001
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VMware Workspace ONE UEM console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 \u0026 2001"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T20:50:18.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE UEM console",
"version": {
"version_data": [
{
"version_value": "Workspace ONE UEM console 2105, 2102, 2011, 2008, 2005 \u0026 2001"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22029",
"datePublished": "2021-08-31T20:50:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}