Exposures › CVE-2021-22054
Omnissa Workspace ONE UEM suffered a server-side request forgery (SSRF) vulnerability allowing unauthenticated network access to sensitive data.
This SSRF flaw in Omnissa Workspace ONE UEM permits attackers with network access to bypass authentication and retrieve sensitive information, posing a significant risk to DIB organizations relying on this endpoint management solution. The vulnerability is actively exploited and requires immediate patching to prevent unauthorized data exfiltration and potential lateral movement within the network.
Shame score — While actively exploited, the vulnerability was disclosed and patched without lying about compliance or default credentials.
Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
No correlated FedRAMP products.