CVE-2021-22056: SSRF
First published: Mon Dec 20 2021(Updated: )
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Identity Manager | =3.3.3 | |
| VMware Identity Manager | =3.3.4 | |
| VMware Identity Manager | =3.3.5 | |
| VMware vRealize Automation | >=8.0<=8.6 | |
| VMware vRealize Automation | =7.6 | |
| VMware Workspace ONE Access | =20.10 | |
| VMware Workspace ONE Access | =20.10.01 | |
| VMware Workspace ONE Access | =21.08 | |
| VMware Workspace ONE Access | =21.08.01 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-22056.
What is the severity of CVE-2021-22056?
The severity of CVE-2021-22056 is high with a severity value of 7.5.
Which products are affected by CVE-2021-22056?
VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10, as well as Identity Manager versions 3.3.5, 3.3.4, and 3.3.3 are affected by CVE-2021-22056.
What is the impact of CVE-2021-22056?
A malicious actor with network access could exploit CVE-2021-22056 to make HTTP requests to arbitrary origins and read the full response.
Are there any additional references for CVE-2021-22056?
Yes, you can find more information about CVE-2021-22056 at the following link: [VMware Security Advisory VMSA-2021-0030](https://www.vmware.com/security/advisories/VMSA-2021-0030.html)
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware identity manager
- version/vmware identity manager/3.3.3
- version/vmware identity manager/3.3.4
- version/vmware identity manager/3.3.5
- canonical/vmware vrealize automation
- version/vmware vrealize automation/8.0
- version/vmware vrealize automation/8.6
- version/vmware vrealize automation/7.6
- canonical/vmware workspace one access
- version/vmware workspace one access/20.10
- version/vmware workspace one access/20.10.01
- version/vmware workspace one access/21.08
- version/vmware workspace one access/21.08.01
- vendor/linux
- canonical/linux linux kernel