CVE-2021-22054 - Vulnerability Details

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is in the KEV database since yesterday.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Vmware	Workspace One Uem Console

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workspace_one_uem_console::::::::
	cpe:2.3:a:vmware:workspace_one_uem_console::::::::
	cpe:2.3:a:vmware:workspace_one_uem_console::::::::
	cpe:2.3:a:vmware:workspace_one_uem_console::::::::

No data.

References

Link	Providers
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054
https://www.greynoise.io/blog/new-ssrf-exploitation-surge
https://www.vmware.com/security/advisories/VMSA-2021-0029.html

History

Mon, 09 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-03-09T00:00:00+00:00', 'dueDate': '2026-03-23T00:00:00+00:00'}`

Mon, 09 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22054
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
References		https://www.greynoise.io/blog/new-ssrf-exploitation-surge
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2021-12-17T16:10:18.000Z

Updated: 2026-03-10T03:55:21.958Z

Reserved: 2021-01-04T00:00:00.000Z

Link: CVE-2021-22054

Vulnrichment

Updated: 2024-08-03T18:30:23.947Z

NVD

Status : Modified

Published: 2021-12-17T17:15:12.590

Modified: 2026-03-09T19:15:58.993

Link: CVE-2021-22054

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object