VIR Vulnerability Intelligence Relay

CVE-2021-22054

unknown KEV
Published 2026-03-09 · Modified 2026-03-09
CVSS v3
CVSS v2
VIR risk
1.5

Description

Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

CISA KEV

Vendor
Omnissa
Product
Workspace One UEM
Due date
2026-03-23

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.