CVE-2021-22054

HIGH KEV NUCLEI

Vmware Workspace One Uem Console < 20.0.8.36 - SSRF

Title source: rule

Description

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Exploits (1)

nomisec WORKING POC 5 stars
by MKSx · infoleak
https://github.com/MKSx/CVE-2021-22054

Nuclei Templates (1)

VMWare Workspace ONE UEM - Server-Side Request Forgery
HIGHby h1ei1
FOFA: banner="/AirWatch/default.aspx" || header="/AirWatch/default.aspx" || banner="/airwatch/default.aspx" || header="/airwatch/default.aspx"

References (3)

Scores

CVSS v3 7.5
EPSS 0.9394
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2026-03-09
VulnCheck KEV 2025-03-11
ENISA EUVD EUVD-2021-9219
CWE
CWE-918
Status published
Products (1)
vmware/workspace_one_uem_console 20.0.8.0 - 20.0.8.36
Published Dec 17, 2021
KEV Added Mar 09, 2026
Tracked Since Feb 18, 2026