Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
VMware Workspace One UEM allows unauthenticated access to sensitive info
Known exploited
Exploitation likelihood: 94%
CVE-2021-22054
CVE-2021-22054
Summary
A security issue in VMware Workspace One UEM could allow attackers to access sensitive information on the network without needing a password. This could happen if an attacker is able to get onto the network where the UEM server is located. To protect your business, make sure to keep the UEM software up to date with the latest security patches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| omnissa | workspace one uem | All versions | – |
| vmware | workspace_one_uem_console | > 20.0.8.0 , <= 20.0.8.36 | – |
| vmware | workspace_one_uem_console | > 20.11.0.0 , <= 20.11.0.40 | – |
| vmware | workspace_one_uem_console | > 21.2.0.0 , <= 21.2.0.27 | – |
| vmware | workspace_one_uem_console | > 21.5.0.0 , <= 21.5.0.37 | – |
Original title
Omnissa Workspace ONE Server-Side Request Forgery
Original description
Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 9 Mar 2026 · Updated: 14 Mar 2026 · First seen: 9 Mar 2026