VMware Releases Security Update for Workspace ONE UEM console

Security update to address a Server Side Request Forgery vulnerability in VMware Workspace ONE UEM console

Threat ID:: CC-4001
Threat Severity:: Information only
Published:: 30 December 2021 1:48 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update to address a Server Side Request Forgery vulnerability in VMware Workspace ONE UEM console

Affected platforms

The following platforms are known to be affected:

Versions: 2105 prior to 21.5.0.37, 2102 prior to 21.2.0.27, 2011 prior to 20.11.0.40, 2008 prior to 20.0.8.36

VMware Workspace ONE Unified Endpoint Management (UEM) Console

Threat details

Introduction

VMware has released a security advisory to address a Server Side Request Forgery (SSRF) vulnerability, tracked as CVE-2021-22054, in Workspace ONE UEM console. VMware has rated the severity of this issue as 'critical'.

An attacker with network access to UEM could send requests without authentication and may exploit this issue to gain access to sensitive information.

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2021-0029 and apply any relevant updates.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2021-0029.html

CVE Vulnerabilities

Status Published

CVE-2021-22054

Last edited: 30 December 2021 3:11 pm