Lucene search

[email protected]CVE-2021-21990

HistoryMay 11, 2021 - 2:15 p.m.

CVE-2021-21990

2021-05-1114:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-21990

vmware workspace one

uem console

cross-site scripting

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.8%

JSON

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.

Affected configurations

NVD

Node

vmwareworkspace_one_unified_endpoint_managementRange19.0.0.0–19.12.0.24

vmwareworkspace_one_unified_endpoint_managementRange20.1.0.0–20.1.0.32

vmwareworkspace_one_unified_endpoint_managementRange20.3.0.0–20.3.0.23

vmwareworkspace_one_unified_endpoint_managementRange20.4.0.0–20.4.0.21

vmwareworkspace_one_unified_endpoint_managementRange20.5.0.0–20.5.0.46

vmwareworkspace_one_unified_endpoint_managementRange20.6.0.0–20.6.0.19

vmwareworkspace_one_unified_endpoint_managementRange20.7.0.0–20.7.0.14

vmwareworkspace_one_unified_endpoint_managementRange20.8.0.0–20.8.0.28

vmwareworkspace_one_unified_endpoint_managementRange20.10.0.0–20.10.0.16

vmwareworkspace_one_unified_endpoint_managementRange20.11.0.0–20.11.0.27

vmwareworkspace_one_unified_endpoint_managementRange21.1.0.0–21.1.0.14

vmwareworkspace_one_unified_endpoint_managementRange21.2.0.0–21.2.0.8

CPENameOperatorVersion
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt19.12.0.24
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.1.0.32
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.3.0.23
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.4.0.21
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.5.0.46
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.6.0.19
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.7.0.14
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.8.0.28
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.10.0.16
vmware:workspace_one_unified_endpoint_managementvmware workspace one unified endpoint managementlt20.11.0.27

CPE	Name	Operator	Version
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	19.12.0.24
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.1.0.32
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.3.0.23
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.4.0.21
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.5.0.46
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.6.0.19
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.7.0.14
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.8.0.28
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.10.0.16
vmware:workspace_one_unified_endpoint_management	vmware workspace one unified endpoint management	lt	20.11.0.27

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Vmware Workspace One UEM console",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24)"
      }
    ]
  }
]

References

herolab.usd.de/security-advisories/usd-2021-0008/

www.vmware.com/security/advisories/VMSA-2021-0008.html

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.8%

JSON

Related for CVE-2021-21990

prion1 vmware1 cvelist1 nvd1