What is the vulnerability ID for this security issue?

The vulnerability ID for this security issue is CVE-2021-22056.

What is the severity of CVE-2021-22056?

The severity of CVE-2021-22056 is high with a severity value of 7.5.

Which products are affected by CVE-2021-22056?

VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10, as well as Identity Manager versions 3.3.5, 3.3.4, and 3.3.3 are affected by CVE-2021-22056.

What is the impact of CVE-2021-22056?

A malicious actor with network access could exploit CVE-2021-22056 to make HTTP requests to arbitrary origins and read the full response.

Are there any additional references for CVE-2021-22056?

Yes, you can find more information about CVE-2021-22056 at the following link: [VMware Security Advisory VMSA-2021-0030](https://www.vmware.com/security/advisories/VMSA-2021-0030.html)

Vulnerability/
CVE-2021-22056

high

7.5

CWE

918

20/12/2021

3/8/2024

CVE-2021-22056: SSRF

First published: Mon Dec 20 2021(Updated: )

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware Workspace ONE Access and Identity Manager	=3.3.3
VMware Workspace ONE Access and Identity Manager	=3.3.4
VMware Workspace ONE Access and Identity Manager	=3.3.5
VMware vRealize Automation	>=8.0<=8.6
VMware vRealize Automation	=7.6
VMware Workspace ONE Access and Identity Manager	=20.10
VMware Workspace ONE Access and Identity Manager	=20.10.01
VMware Workspace ONE Access and Identity Manager	=21.08
VMware Workspace ONE Access and Identity Manager	=21.08.01
Linux Kernel

Remedy

https://www.vmware.com/security/advisories/VMSA-2021-0030.html

Never miss a vulnerability like this again

Reference Links

https://www.vmware.com/security/advisories/VMSA-2021-0030.html

Frequently Asked Questions

What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-22056.
What is the severity of CVE-2021-22056?
The severity of CVE-2021-22056 is high with a severity value of 7.5.
Which products are affected by CVE-2021-22056?
VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10, as well as Identity Manager versions 3.3.5, 3.3.4, and 3.3.3 are affected by CVE-2021-22056.
What is the impact of CVE-2021-22056?
A malicious actor with network access could exploit CVE-2021-22056 to make HTTP requests to arbitrary origins and read the full response.
Are there any additional references for CVE-2021-22056?
Yes, you can find more information about CVE-2021-22056 at the following link: [VMware Security Advisory VMSA-2021-0030](https://www.vmware.com/security/advisories/VMSA-2021-0030.html)

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/vmware
canonical/vmware workspace one access and identity manager
version/vmware workspace one access and identity manager/3.3.3
version/vmware workspace one access and identity manager/3.3.4
version/vmware workspace one access and identity manager/3.3.5
canonical/vmware vrealize automation
version/vmware vrealize automation/8.0
version/vmware vrealize automation/8.6
version/vmware vrealize automation/7.6
version/vmware workspace one access and identity manager/20.10
version/vmware workspace one access and identity manager/20.10.01
version/vmware workspace one access and identity manager/21.08
version/vmware workspace one access and identity manager/21.08.01
vendor/linux
canonical/linux kernel