
CVE-2021-22054

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 17 December 2021
Modified: 10 March 2026
KEV Added: 09 March 2026
Patch: fixed builds are listed in VMware advisory VMSA-2021-0029
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9384 (99.9th percentile)
Risk Priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-22054 is a high-severity server-side request forgery (SSRF, CWE-918) vulnerability in the VMware Workspace ONE UEM Console. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

VMware Workspace ONE UEM console versions 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability tracked as CVE-2021-22054 and classified as CWE-918. The flaw carries a CVSS 3.1 score of 7.5 and resides in the console component that processes unauthenticated network requests.

An attacker with network access to the UEM console can exploit the issue without authentication to submit arbitrary requests through the affected server, resulting in unauthorized disclosure of sensitive information.

The official VMware advisory VMSA-2021-0029 details the affected releases and corresponding fixed builds that remediate the SSRF vector. CISA has added the CVE to its catalog of known exploited vulnerabilities, and GreyNoise has reported an observed surge in SSRF exploitation attempts that includes this class of flaw.

EU & UK References

Vulnerability details

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

CWE(s): CWE-918 (Server-Side Request Forgery)
KEV Date Added: 09 March 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: VMware
Product: Workspace ONE UEM Console
Affected versions: 20.0.8.0 to 20.0.8.36 · 20.11.0.0 to 20.11.0.40 · 21.2.0.0 to 21.2.0.27

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly blocks the unauthenticated network requests that the SSRF flaw permits to the UEM console.
- prevent: Validates URL/input data to stop the server from being tricked into issuing arbitrary outbound requests.
- prevent: Restricts which hosts can reach the console and can limit the console's own outbound connections used for SSRF.

References