CVE-2021-22054 Scanner
Detects 'Server Side Template Injection (SSTI)' vulnerability in VMware Workspace ONE UEM console affects v. VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
2 months 4 weeks
Scan only one
URL
Toolbox
-
VMware Workspace ONE UEM console is an enterprise-grade mobile device management solution used to manage, secure and operate endpoint devices, such as smartphones, tablets, and laptops. The console is utilized in large organizations and businesses to provide centralized mobility management and streamline the deployment of business applications and data to employee devices. Workspace ONE provides a comprehensive set of management features, including device enrollment, policy management, application distribution, and security controls.
Recently, a vulnerability called CVE-2021-22054 was detected in the VMware Workspace ONE UEM console, which could potentially leave organizations vulnerable to cyber-attacks. This SSRF (Server Side Request Forgery) vulnerability could allow hackers with access to the network to send requests to the UEM console without authentication. This type of vulnerability is particularly dangerous because it enables the attacker to gain access to sensitive data that should remain confidential.
Exploitation of the CVE-2021-22054 vulnerability could lead to the unauthorized access of sensitive information, including usernames, passwords, client data, personal information, and intellectual property. Malicious actors could also use the vulnerability to gain access to the entire device management infrastructure, allowing them to execute malicious commands to remotely take control of employee devices and potentially infiltrate the organization's sensitive information.
In conclusion, cybersecurity threats and vulnerabilities are becoming widespread and more sophisticated, making it crucial for organizations to secure their digital assets. With the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities and threats in their digital infrastructure. By subscribing to the platform, businesses can stay up to date with the latest vulnerabilities, enabling them to protect their data and assets from cyber-attacks.
REFERENCES