VMware Workspace ONE UEM SSRF vulnerability patch
Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:
VMware has issued a critical update for VMware Workspace ONE UEM, which has been found to be vulnerable to Server-Side Request Forgery (SSRF).
VMware has rated the severity of the issue as critical, with a CVSSv2 base score of 9.1. It warns that a malicious actor with network access to UEM can send requests without authentication and may use this to gain access to sensitive information. No further information on the risk has been provided at this time.
The advisory has been issued under VMSA-2021-0029, and the vulnerability has been logged as CVE-2021-22054.
VMware have released a list of patches; the full list of affected versions and the available patches can be seen below:
| Impacted Versions | Fixed Versions |
|---|---|
| 2109 | Workspace ONE UEM patch 21.9.0.13 and above |
| 2105 | Workspace ONE UEM patch 21.5.0.37 and above |
| 2102 | Workspace ONE UEM patch 21.2.0.27 and above |
| 2101 | Workspace ONE UEM patch 21.1.0.27 and above |
| 2011 | Workspace ONE UEM patch 20.11.0.40 and above |
| 2010 | Workspace ONE UEM patch 20.10.0.23 and above |
| 2008 | Workspace ONE UEM patch 20.8.0.36 and above |
| 2007 | Workspace ONE UEM patch 20.7.0.17 and above |
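To turn the table above into an inventory check, the following script (an added example, not VMware's or DigitalXRAID's code) parses installed UEM build strings, compares them against the minimum fixed build for their release branch, and flags hosts that still need the patch. The fixed-build table is taken from the advisory; the "major.minor.patch.build" version format, the assumption that the release branch label is the major and minor numbers written as YYMM (so 21.5.x.y belongs to branch 2105), and the sample hostnames and builds are all constructed for this example.

```python
"""Check whether installed Workspace ONE UEM builds carry the VMSA-2021-0029 fix.

Added example, not VMware's or DigitalXRAID's code. The fixed-build table is from
the advisory; the version-string format and the branch derivation are assumptions.
"""
from typing import Dict, Tuple

# Minimum patched build per release branch, as listed in the advisory table.
FIXED_BUILDS = {
    "2109": "21.9.0.13",
    "2105": "21.5.0.37",
    "2102": "21.2.0.27",
    "2101": "21.1.0.27",
    "2011": "20.11.0.40",
    "2010": "20.10.0.23",
    "2008": "20.8.0.36",
    "2007": "20.7.0.17",
}


def parse_build(version: str) -> Tuple[int, ...]:
    """Turn 'major.minor.patch.build' into an integer tuple so builds compare numerically.

    A plain string comparison would wrongly rank '21.5.0.9' above '21.5.0.37'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def branch_of(version: str) -> str:
    """Derive the release branch label from major.minor (assumed YYMM form, e.g. 21.5.x -> '2105')."""
    major, minor = parse_build(version)[:2]
    return f"{major:02d}{minor:02d}"


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one installed build."""
    fixed = FIXED_BUILDS.get(branch_of(version))
    if fixed is None:
        # Branch not listed in the advisory: needs manual review rather than a guess.
        return "unknown-branch"
    return "patched" if parse_build(version) >= parse_build(fixed) else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in {hostname: version} to its verdict."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are made up for illustration.
    sample = {
        "uem-ds-01": "21.5.0.30",
        "uem-ds-02": "21.5.0.37",
        "uem-cn-01": "20.11.0.41",
        "uem-lab-01": "19.3.0.5",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {sample[host]} -> {verdict}")
```

Builds on a branch the advisory does not list are reported as `unknown-branch` rather than assumed safe, so they surface for manual review alongside the hosts flagged `vulnerable`.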
Alternatively, if immediate patching is not possible, VMware has offered a short-term workaround: modifying the Workspace ONE UEM 'web.config' file on all Windows servers. A complete guide to performing this workaround is provided by VMware at: https://kb.vmware.com/s/article/87167
If you need any support or have suffered a breach, call or email us now on 0800 066 4509. Our certified experts are here to help. We're open 24 hours a day, 7 days a week.