CVE-2021-22054
Published: 17 December 2021
Summary
CVE-2021-22054 is a high-severity SSRF (CWE-918) vulnerability in the VMware Workspace ONE UEM Console. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
VMware Workspace ONE UEM console versions 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability tracked as CVE-2021-22054 and CWE-918. The flaw carries a CVSS 3.1 score of 7.5 and resides in the console component that processes unauthenticated network requests.
An attacker with network access to the UEM console can exploit the issue without authentication to submit arbitrary requests through the affected server, resulting in unauthorized disclosure of sensitive information.
The official VMware advisory VMSA-2021-0029 details the affected releases and corresponding fixed builds that remediate the SSRF vector. CISA has added the CVE to its catalog of known exploited vulnerabilities, and GreyNoise has reported an observed surge in SSRF exploitation attempts that includes this class of flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-9219
Vulnerability details
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
- CWE(s): CWE-918
- KEV Date Added: 09 March 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly blocks the unauthenticated network requests that the SSRF flaw permits to the UEM console.
- SI-10 (Information Input Validation): validates URL/input data to stop the server from being tricked into issuing arbitrary outbound requests.
- Network restriction: limits which hosts can reach the console and can limit the console's own outbound connections used for SSRF.
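As an added illustration of the SI-10 input-validation control above, the following is example code written for this page; it is not VMware's code, not taken from the advisory, and not tied to how the UEM console actually processes requests. It shows a server-side check that a component issuing outbound requests on behalf of a client should apply before connecting: restrict the scheme, refuse embedded credentials, compare the parsed host against an allowlist, and reject any host that resolves to a loopback, private, link-local or otherwise non-public address (including IPv4-mapped IPv6 forms). The allowlist, the hostnames and the DNS table are constructed for the example; the real resolver is `socket.getaddrinfo`, and the constructed one exists so the checks run offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only destinations the server is
# permitted to fetch from. In a real deployment this comes from configuration.
ALLOWED_HOSTS = {"updates.example.test", "api.partner.example.test"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline. The second host is
# deliberately "split-horizon": one public address and one RFC 1918 address.
CONSTRUCTED_DNS = {
    "updates.example.test": ["93.184.216.34"],
    "api.partner.example.test": ["104.16.0.1", "10.0.0.5"],
}


def constructed_resolver(host: str) -> list[str]:
    """Offline stand-in for DNS resolution (constructed data)."""
    return CONSTRUCTED_DNS.get(host.lower(), [])


def system_resolver(host: str) -> list[str]:
    """Real resolver: every A/AAAA answer the OS returns for the host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_address(addr: str) -> bool:
    """True only for addresses that are routable on the public internet."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 literal such as ::ffff:10.0.0.5 would otherwise
    # bypass the IPv4 range checks, so unwrap it first.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_outbound_url(url: str, resolver=system_resolver) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only when every check passes."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"

    # Credentials in the authority are a classic way to confuse naive parsers
    # about which part is the host; refuse them outright.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"

    host = parts.hostname  # already lower-cased and bracket-stripped by urlsplit
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"

    # Check every resolved address: a name that maps to even one internal
    # address must be rejected, since the client cannot choose which is used.
    try:
        addrs = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host resolved to no addresses"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"host resolves to non-public address {addr}"

    return True, "ok"


if __name__ == "__main__":
    for candidate in (
        "https://updates.example.test/manifest.json",
        "https://api.partner.example.test/v1",
        "ftp://updates.example.test/",
        "https://updates.example.test@other.example/",
        "http://127.0.0.1:8443/",
    ):
        print(candidate, "->", validate_outbound_url(candidate, resolver=constructed_resolver))
```

Two design points matter in practice. First, the allowlist check runs on the parsed hostname, not on a substring match of the raw URL, so `https://updates.example.test@other.example/` is rejected even though the allowed name appears in it. Second, the addresses validated here should be the ones the HTTP client actually connects to; if the client re-resolves the name later, a DNS answer that changes between the check and the connection (rebinding) defeats the address check, so either pin the validated address into the connection or repeat the check at connect time.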