2 matches found
CVE-2021-22054
VMware Workspace ONE UEM console is affected by a server-side request forgery (SSRF) in multiple release branches: 20.0.8 before 20.0.8.37, 20.11.0 before 20.11.0.40, 21.2.0 before 21.2.0.27, and 21.5.0 before 21.5.0.37. The vulnerability allows an attacker with network access to send crafted req...
CVE-2021-22029
CVE-2021-22029 affects VMware Workspace ONE UEM REST API. A malicious actor with access to /API/system/admins/session can cause API denial of service due to improper rate limiting. The NVD lists CVSSv3 base 7.5 (HIGH); VMware’s advisory VMSA-2021-0017 notes a MODERATE severity with CVSSv3 up to 5...