
=====================================================================

                             CERT-Renater

                   Note d'Information No. 2021/VULN659
_____________________________________________________________________

DATE                : 17/12/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Workspace ONE UEM console
           versions prior to 21.5.0.37, 21.2.0.27, 20.11.0.40, 20.0.8.36.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2021-0029.html
_____________________________________________________________________


Critical

Advisory ID:       VMSA-2021-0029
CVSSv3 Range:      9.1
Issue Date:        2021-12-16
Updated On:        2021-12-16 (Initial Advisory)
CVE(s):            CVE-2021-22054
Synopsis:          VMware Workspace ONE UEM console patches address SSRF
                     vulnerability (CVE-2021-22054)


1. Impacted Products

     VMware Workspace ONE UEM console


2. Introduction

A Server Side Request Forgery (SSRF) vulnerability in VMware Workspace
ONE UEM console was privately reported to VMware. Patches and
workarounds are available to address this vulnerability in affected
VMware products. The issue has been mitigated for VMware-hosted
Workspace ONE consoles.


3. Advisory Details

Description

VMware Workspace ONE UEM console contains a Server Side Request Forgery
(SSRF) vulnerability. VMware has evaluated the severity of this issue to
be in the Critical severity range with a maximum CVSSv3 base score of
9.1.

Known Attack Vectors

A malicious actor with network access to the UEM console can send
requests without authentication and may exploit this issue to gain
access to sensitive information.

Resolution

Fixes for CVE-2021-22054 are documented in the 'Fixed Version' column of
the 'Response Matrix' below.


Workarounds

Workarounds for CVE-2021-22054 are documented in the 'Workarounds'
column of the 'Response Matrix' below.


Additional Documentation

None.


Notes

None.


Acknowledgements

VMware would like to thank Shubham Shah and James Hebden, of Assetnote,
and Keiran Sampson for reporting this issue to us.


Response Matrix

Product                           Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
--------------------------------  -------  ----------  --------------  ------  --------  -------------  -----------  ------------------------
VMware Workspace ONE UEM console  2105     Any         CVE-2021-22054  9.1     critical  21.5.0.37      KB87167      None
VMware Workspace ONE UEM console  2102     Any         CVE-2021-22054  9.1     critical  21.2.0.27      KB87167      None
VMware Workspace ONE UEM console  2011     Any         CVE-2021-22054  9.1     critical  20.11.0.40     KB87167      None
VMware Workspace ONE UEM console  2008     Any         CVE-2021-22054  9.1     critical  20.0.8.36      KB87167      None


4. References

Fixed Version(s) and Release Notes:


VMware Workspace ONE UEM console 2105
https://resources.workspaceone.com/view/7xw2l35h6fc2pyfjgcnx/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html


VMware Workspace ONE UEM console 2102
https://resources.workspaceone.com/view/48ktw9p6spmq8dflll49/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html


VMware Workspace ONE UEM console 2011
https://resources.workspaceone.com/view/pdwkjgfsb8b57cxvfnpd/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/rn/VMware-Workspace-ONE-UEM-Release-Notes-2011.html


VMware Workspace ONE UEM console 2008
https://resources.workspaceone.com/view/5qtfg6xhrkcp6vp4t4l7/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/rn/VMware-Workspace-ONE-UEM-Release-Notes-2008.html



Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22054


FIRST CVSSv3 Calculator:

CVE-2021-22054:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N


5. Change Log

2021-12-16 VMSA-2021-0029
Initial security advisory.


6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org


E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2021 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================

