CVSS: 7.5EPSS: 69%CPEs: 4EXPL: 1CVE-2021-22054 – VMware Security Advisory 2021-0029
https://notcve.org/view.php?id=CVE-2021-22054
17 Dec 2021 — VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. La consola VMware Workspace ONE UEM versiones 20.0.8 anteriores a 20.0.8.37, versiones 20.11.0 anteriores a 20.11.0.40, versiones 21.2.0 anteriores a 21.2.0.27 y versiones 21.5.0... • https://github.com/MKSx/CVE-2021-22054 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22029
https://notcve.org/view.php?id=CVE-2021-22029
31 Aug 2021 — VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting. La API REST de VMware Workspace ONE contiene una vulnerabilidad de denegación de servicio. Un actor malicioso con acceso a /API/system/admins/session podría causar una denegación de servicio de la API debido a una limitación de velocidad inapropiada • https://www.vmware.com/security/advisories/VMSA-2021-0017.html • CWE-770: Allocation of Resources Without Limits or Throttling •