Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22054

KEV EPSS 93.84% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-22054

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vmware Workspace One 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vmware Vmware Workspace One是美国Vmware公司的一个用于支持跨设备应用于快速交付、管理应用程序的平台。该平台包含VMware Horizon 和 VMware Horizon Cloud,将访问控制、应用程序管理和多平台端点管理集成到一个平台中,可高效管理多个设备。 VMware Workspace ONE UEM 存在代码问题漏洞,该漏洞源于VMware Workspace ONE UEM控制台20.0.8之前的20.0.8.37、20.11.0之前的20.11.0.40、
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-VMware Workspace ONE UEM console VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37. -

II. Public POCs for CVE-2021-22054

#POC DescriptionSource LinkShenlong Link
1Generate SSRF payloadshttps://github.com/MKSx/CVE-2021-22054POC Details
2VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22054.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-22054

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-12-17 · 51 CVEs total

CVE-2021-238039.8 CRITICALAccess Control Bypass
CVE-2021-234507.5 HIGHPrototype Pollution
CVE-2021-237977.5 HIGHDirectory Traversal
CVE-2021-238146.7 MEDIUMlaravel-filemanager代码问题漏洞
CVE-2021-440354.4 MEDIUMWolters Kluwer TeamMate AM 安全漏洞
CVE-2021-0676MediaTek 芯片 缓冲区错误漏洞
CVE-2021-4008xorg-x11-server 缓冲区错误漏洞
CVE-2021-4010xorg-x11-server 缓冲区错误漏洞
CVE-2021-4009xorg-x11-server 缓冲区错误漏洞
CVE-2021-4011xorg-x11-server 缓冲区错误漏洞
CVE-2021-32497SICK SOPAS ET安全漏洞
CVE-2021-32498SICK SOPAS ET 4.8.0 路径遍历漏洞
CVE-2021-32499SICK SOPAS ET 注入漏洞
CVE-2021-0677MediaTek Ccu 输入验证错误漏洞
CVE-2021-42584Nordaaker Convos 跨站脚本漏洞
CVE-2021-0678MediaTek Apusys缓冲区错误漏洞
CVE-2021-0893MediaTek Apusys 资源管理错误漏洞
CVE-2021-0679MediaTek Apusys缓冲区错误漏洞
CVE-2021-0894MediaTek Apusys缓冲区错误漏洞
CVE-2021-0895MediaTek Apusys缓冲区错误漏洞

Showing top 20 of 51 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: VMware Workspace ONE UEM console
Same vendor: n/a

V. Comments for CVE-2021-22054

No comments yet

Leave a comment