
VMware Workspace ONE UEM SSRF vulnerability patch

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:

VMware have issued a critical update for VMware Workspace ONE UEM, which has been found to be vulnerable to Server-Side Request Forgery (SSRF).

VMware has evaluated the severity of the issue to be critical, with a CVSSv2 base score of 9.1. They have warned that malicious actors with network access to UEM are able to send their requests without authentication and may use this to gain access to sensitive information. No further information on the risk has been provided at this time.

The advisory has been issued under VMSA-2021-0029, and the vulnerability has been logged as CVE-2021-22054.

VMware have released a list of patches; the full list of affected versions and the available patches can be seen below:

| Impacted Versions | Fixed Versions |
| --- | --- |
| 2109 | Workspace ONE UEM patch 21.9.0.13 and above |
| 2105 | Workspace ONE UEM patch 21.5.0.37 and above |
| 2102 | Workspace ONE UEM patch 21.2.0.27 and above |
| 2101 | Workspace ONE UEM patch 21.1.0.27 and above |
| 2011 | Workspace ONE UEM patch 20.11.0.40 and above |
| 2010 | Workspace ONE UEM patch 20.10.0.23 and above |
| 2008 | Workspace ONE UEM patch 20.8.0.36 and above |
| 2007 | Workspace ONE UEM patch 20.7.0.17 and above |
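To triage an inventory against the fixed versions listed above, the following added example (not VMware's or DigitalXRAID's code) classifies reported UEM version strings. It assumes versions are reported as four dot-separated numbers and that the first two map to the release line (21.9.x.x is 2109), as the table implies; the hostnames and sample versions are constructed.

```python
import re

# First fixed patch per release line, copied from the table above.
FIXED = {
    "2109": "21.9.0.13", "2105": "21.5.0.37",
    "2102": "21.2.0.27", "2101": "21.1.0.27",
    "2011": "20.11.0.40", "2010": "20.10.0.23",
    "2008": "20.8.0.36", "2007": "20.7.0.17",
}

def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints so patch 9 sorts before patch 13."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text, re.ASCII):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(part) for part in text.split("."))

def triage(version):
    """Classify one reported UEM version against the fixed-patch table."""
    try:
        v = parse(version)
    except ValueError:
        return "unparseable"
    line = f"{v[0]:02d}{v[1]:02d}"  # 21.9.x.x -> release line "2109"
    fixed = FIXED.get(line)
    if fixed is None:
        # Release line is not in the table; check the advisory directly.
        return "not-listed"
    return "patched" if v >= parse(fixed) else "vulnerable"

def triage_inventory(inventory):
    """Map each host to its status; inventory is {hostname: version}."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "uem-cn-01": "21.9.0.9",     # below 21.9.0.13 when compared numerically
        "uem-cn-02": "21.9.0.13",
        "uem-ds-01": "20.11.0.39",
        "uem-lab-01": "19.7.0.5",    # release line not in the table
        "uem-lab-02": "21.5",        # incomplete version string
    }
    for host, status in triage_inventory(sample).items():
        print(f"{host:12} {status}")
```

A "not-listed" result means only that the table does not cover that release line; confirm its status against VMSA-2021-0029.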

Alternatively, if immediate patching is not possible, VMware have offered a short-term workaround. The workaround involves patching the Workspace ONE UEM ‘web.config’ file on all Windows Servers. A complete guide on how to perform this workaround is provided by VMware at: https://kb.vmware.com/s/article/87167
