Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft Vulnerability
December 17, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
December 17, 2021Rewterz Threat Advisory – ICS: Delta Electronics CNCSoft Vulnerability
December 17, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
December 17, 2021Severity
High
Analysis Summary
CVE-2021-22054
VMware Workspace ONE UEM console contains a Server Side Request Forgery (SSRF) vulnerability. A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.
Impact
- Server Side Request Forgery (SSRF)
- Exposure of sensitive data
Affected Vendors
VMware
Affected Products
- VMware Workspace ONE UEM console 2015
- VMware Workspace ONE UEM console 2012
- VMware Workspace ONE UEM console 2011
- VMware Workspace ONE UEM console 2008
Remediation
Refer to VMware advisory for the fixed versions of the affected products.