Back to KEVs

CVE-2021-22054

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 04, 2021
Published Date
December 17, 2021
Last Updated
March 11, 2026
Vendor
n/a
Product
VMware Workspace ONE UEM console
Description
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 13:30:35 UTC) Source
Proof of Concept Available
Yes (added 2022-06-03 14:06:02 UTC) Source

References

https://www.vmware.com/security/advisories/VMSA-2021-0029.html

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 12:09:48 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22054.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

MKSx/CVE-2021-22054

Type: github • Created: 2022-06-03 14:06:02 UTC • Stars: 4

Generate SSRF payloads

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel