🔴 CVE-2021-22054

VMware Workspace ONE UEM console contains an unauthenticated SSRF vulnerability that allows remote attackers to access sensitive information. This enterprise mobility management platform is commonly exposed to the internet for device management purposes.

Risk Level: HIGH_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 (Exploit Public-Facing Application)
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2021-12-17

Added to CISA KEV: 2026-03-09 (1543 days between CVE publication and KEV addition)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2021-22054 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting the VMware Workspace ONE UEM (Unified Endpoint Management) console [1].

Vulnerability Overview
  • Nature of Vulnerability: The vulnerability is an SSRF flaw that allows an unauthenticated attacker with network access to the UEM console to send unauthorized requests [1].
  • Impact: Successful exploitation allows an attacker to gain access to sensitive information [1].
  • Exploitation Requirements:
      ◦ Network Access: Required. The attacker must have network access to the UEM console [1].
      ◦ Authentication: Not required (the attack is performed without authentication) [1].
      ◦ User Interaction: None required.
Exploitation and Threat Activity
  • Active Exploitation: While public proof-of-concept (PoC) code has been associated with this CVE on platforms like GitHub [2], there is no widespread documentation of it being a primary vector in major ransomware campaigns or specific targeted APT campaigns compared to other high-profile VMware vulnerabilities from that period. However, given the nature of SSRF in management consoles, it is considered a high-value target for initial access or reconnaissance.
Affected Versions and Mitigation
The following versions of the VMware Workspace ONE UEM console were identified as vulnerable and required patching [1]:
Product                    | Vulnerable Range             | Patched Version
---------------------------|------------------------------|------------------
Workspace ONE UEM console  | 20.0.8 prior to 20.0.8.37    | 20.0.8.37 or later
Workspace ONE UEM console  | 20.11.0 prior to 20.11.0.40  | 20.11.0.40 or later
Workspace ONE UEM console  | 21.2.0 prior to 21.2.0.27    | 21.2.0.27 or later
Workspace ONE UEM console  | 21.5.0 prior to 21.5.0.37    | 21.5.0.37 or later

Users are advised to ensure their UEM console is updated to the respective patched versions or higher to mitigate this risk.
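To turn the version table above into a repeatable inventory check, here is an added example (not code from the page, VMware or Omnissa) that compares a console build string against the four affected branches and their first fixed builds. The inventory dictionary and host names are constructed for illustration.

```python
"""Flag Workspace ONE UEM console builds in the CVE-2021-22054 affected ranges."""
from typing import Dict, Optional, Tuple

# Branch prefix -> first fixed build, taken from the advisory table on this page.
FIXED_BUILDS: Dict[Tuple[int, int, int], Tuple[int, int, int, int]] = {
    (20, 0, 8): (20, 0, 8, 37),
    (20, 11, 0): (20, 11, 0, 40),
    (21, 2, 0): (21, 2, 0, 27),
    (21, 5, 0): (21, 5, 0, 37),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '21.2.0.5' into (21, 2, 0, 5); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    ver = tuple(int(p) for p in parts)
    # Pad to four components so '21.2.0' compares as 21.2.0.0 (below the fix).
    return ver + (0,) * (4 - len(ver)) if len(ver) < 4 else ver


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, first_fixed_build).

    status is 'vulnerable' or 'patched' for the four listed branches, and
    'unlisted' for any branch the advisory does not name. 'unlisted' is not a
    clean bill of health; it only means the table gives no verdict.
    """
    ver = parse_version(version)
    fixed = FIXED_BUILDS.get(ver[:3])
    if fixed is None:
        return "unlisted", None
    fixed_str = ".".join(str(n) for n in fixed)
    return ("vulnerable" if ver < fixed else "patched"), fixed_str


def find_needing_patch(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each vulnerable host to the build it must be raised to."""
    return {
        host: fixed
        for host, build in inventory.items()
        for status, fixed in [assess(build)]
        if status == "vulnerable" and fixed is not None
    }


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> reported console build.
    sample = {"uem-a": "20.0.8.12", "uem-b": "21.5.0.37", "uem-c": "22.1.0.3"}
    print(find_needing_patch(sample))  # {'uem-a': '20.0.8.37'}
```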

Sources

  1. CVE-2021-22054 Detail - NVD

    This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. ... Description VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0…

  2. CVE-2021-22054 - Omnissa Workspace ONE Server-Side Request...

    CVE-2021-22054 has a 9 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list. References. The following table lists the changes that have been made to the CVE-2021-22054 vulnerability over time. Vulnerability history details can be useful for understanding the evolutio…