January 23, 2022

TheCyberThrone

Thinking Security ! Always

VMware Fixes Critical SSRF Flaw in Workspace One

VMware has addressed a critical SSRF vulnerability, tracked as CVE-2021-22054, in Workspace ONE UEM console.

An attacker with network access to UEM could exploit the vulnerability to access sensitive data in the management console. An attacker can trigger the issue by sending unauthenticated requests to the vulnerable software.

Advertisements

The virtualization giant has rated the issue as Critical and assigned it a CVSSv3 base score of 9.1. The SSRF vulnerability in Workspace ONE UEM console was patched by th VMware and provided workarounds.

The company fixed the issue with the release of VMware Workspace ONE UEM console versions 21.5.0.37, 21.2.0.27, 20.11.0.40, and 20.0.8.36. VMware Workspace ONE UEM patch 21.9.0.13 and above also fixed the vulnerability.

Shared and Dedicated SaaS:

The issue has been mitigated across all SaaS environments through infrastructure changes which will remain in place until VMware Cloud Operations has deployed the necessary patches. Please subscribe to this article to be notified when updates are available

Advertisements

On-premise environment

Deploy the patch associated with the supported version of Workspace ONE UEM that your environment is on. The company also shared the following required actions in guidance for addressing CVE-2021-22054.

%d bloggers like this: