CVE-2021-22056

🗓️ 20 Dec 2021 20:08:27Reported by vmwareType

VMware Workspace ONE Access and Identity Manager SSRF vulnerability CVE-2021-2205

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Workspace ONE Access software lies in the insufficient checking of incoming requests, allowing attackers to compromise the confidentiality and integrity of the protected information.	15 Apr 202200:00	–	bdu_fstec
Circl	CVE-2021-22056	21 Dec 202100:11	–	circl
CNNVD	Vmware Workspace One Access 代码问题漏洞	20 Dec 202100:00	–	cnnvd
Cvelist	CVE-2021-22056	20 Dec 202120:08	–	cvelist
EUVD	EUVD-2021-9221	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in VMware products	20 Dec 202100:00	–	ncsc
NVD	CVE-2021-22056	20 Dec 202121:15	–	nvd
Prion	Server side request forgery (ssrf)	20 Dec 202121:15	–	prion
RedhatCVE	CVE-2021-22056	9 Jan 202611:19	–	redhatcve
VMware	VMSA-2021-0030:VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities	16 Dec 202100:00	–	vmware

NVD

Node

vmware identity_managerMatch3.3.3

vmware identity_managerMatch3.3.4

vmware identity_managerMatch3.3.5

vmware vrealize_automationRange8.0–8.6

vmware vrealize_automationMatch7.6

vmware workspace_one_accessMatch20.10

vmware workspace_one_accessMatch20.10.01

vmware workspace_one_accessMatch21.08

vmware workspace_one_accessMatch21.08.01

AND

linux linux_kernelMatch-

[
  {
    "product": "VMware Workspace ONE Access and Identity Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3"
      }
    ]
  }
]

Source	Link
vmware	www.vmware.com/security/advisories/VMSA-2021-0030.html

21 Nov 2024 05:49Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.00747

CWE-918