CVE-2021-22054

Published Dec 17, 2021

Last updated 3 months ago

Exploit knownCVSS high 7.5
VDI
web application
Network
Server
VMware Workspace ONE UEM console
VMware Workspace ONE
UEM

Overview

AI description

Automated description summarized from trusted sources.

CVE-2021-22054 is a Server-Side Request Forgery (SSRF) vulnerability found in various versions of the VMware Workspace ONE UEM console. This flaw allows a malicious actor with network access to the UEM console to send unauthenticated requests. Exploitation of this vulnerability could enable an attacker to gain access to sensitive information. Affected versions include VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.

Description
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Source
security@vmware.com
NVD status
Analyzed
Products
workspace_one_uem_console

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:N/A:N

Known exploits

Data from CISA

Vulnerability name
Omnissa Workspace ONE Server-Side Request Forgery
Exploit added on
Mar 9, 2026
Exploit action due
Mar 23, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-918
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-918

Social media

Hype score
Not currently trending

  1. CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog due to active exploitation: 1. CVE-2021-22054 (CVSS 7.5) - SSRF in Omnissa Workspace One UEM. 2. CVE-2025-26399 (CVSS 9. https://t.co/tHJNScYma6

    @securityRSS

    11 Mar 2026

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA adds 3 x exploited vulns to KEV catalog. Info, incl. fix info, at SecAlerts: CVE-2025-26399: https://t.co/oLzBFWDokL CVE-2026-1603: https://t.co/5Duu3lhHy6 CVE-2021-22054: https://t.co/30hzGgqfQl #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CISA

    @SecAlertsCo

    11 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to its Known Exploited Vulnerabilities list due to active attacks. Issues affect SolarWinds Web Help Desk, Ivanti, and Workspace One with federal patch deadlines in 2026. #SolarWinds #Ivanti https://t.co/eX4J3pZZVE

    @TweetThreatNews

    10 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA adds Ivanti Endpoint Manager, SolarWinds Web Help Desk, VMware Workspace ONE flaws (CVE-2025-26399, CVE-2026-1603, CVE-2021-22054) to KEV list amid active exploitation. Patch now. https://t.co/JBOxjkPaQF

    @threatcluster

    10 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の脆弱性が追加。Omnissa Workspace ONEのCVE-2021-22054、SolarWinds Web Help DeskのCVE-2025-26399、Ivanti Endpoint Manager (EPM)のCVE-2026-160

    @__kokumoto

    9 Mar 2026

    4254 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  6. 🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe

    @CISACyber

    9 Mar 2026

    4890 Impressions

    9 Retweets

    37 Likes

    1 Bookmark

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output VulnerabilityCVE-2026-20245
  2. A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.CVE-2026-34911
  3. A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.CVE-2026-34910
  4. A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.CVE-2026-34908
  5. A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.CVE-2026-34909

References

Sources include official advisories and independent security research.