CISA urges VMware admins to patch critical flaw in Workspace ONE UEM


Level 37
Thread author
Top Poster
Feb 4, 2016
CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information.

Workspace ONE Unified Endpoint Management (ONE UEM) is a VMware solution for over-the-air remote management of desktops, mobile, rugged, wearables, and IoT devices.

The flaw tracked as CVE-2021-22054 is a server side request forgery (SSRF) vulnerability with a severity rating of 9.1/10 and impacting multiple ONE UEM console versions.
Unauthenticated threat actors can exploit this vulnerability remotely in low-complexity attacks without user interaction.

"A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information," VMware explained in a security advisory issued on Thursday.

"CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0029 and apply the necessary mitigation," CISA said today.
  • Like
Reactions: upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.