CVE-2021-21990

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.

Consola de VMware Workspace one UEM (versiones 2102 anteriores a 21.2.0.8, versiones 2101 anteriores a 21.1.0.14, versiones 2011 anteriores a 20.11.0.27, versiones 2010 anteriores a 20.10.0.16,2008 versiones anteriores a 20.8.0.28, versiones 2007 anteriores a 20.7.0.14, versiones 2006 anteriores a 20.6.0.19, versiones 2005 anteriores a 20.5.0.46, versiones 2004 anteriores a 20.4.0.21, versiones 2003 anteriores a 20.3.0.23, versiones 2001 anteriores a 20.1.0.32, versiones 1912 anteriores a 19.12.0.24), contienen una vulnerabilidad de tipo cross-site scripting. La consola VMware Workspace ONE UEM no comprueba las peticiones entrantes durante la inscripción del dispositivo después de generar una entrada no saneada en el dispositivo usuario en respuesta

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-05-11 CVE Published
2024-01-25 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://herolab.usd.de/security-advisories/usd-2021-0008	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.vmware.com/security/advisories/VMSA-2021-0008.html	2022-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 19.0.0.0 < 19.12.0.24 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 19.0.0.0 < 19.12.0.24"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.1.0.0 < 20.1.0.32 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.1.0.0 < 20.1.0.32"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.3.0.0 < 20.3.0.23 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.3.0.0 < 20.3.0.23"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.4.0.0 < 20.4.0.21 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.4.0.0 < 20.4.0.21"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.5.0.0 < 20.5.0.46 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.5.0.0 < 20.5.0.46"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.6.0.0 < 20.6.0.19 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.6.0.0 < 20.6.0.19"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.7.0.0 < 20.7.0.14 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.7.0.0 < 20.7.0.14"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.8.0.0 < 20.8.0.28 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.8.0.0 < 20.8.0.28"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.10.0.0 < 20.10.0.16 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.10.0.0 < 20.10.0.16"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 20.11.0.0 < 20.11.0.27 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 20.11.0.0 < 20.11.0.27"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 21.1.0.0 < 21.1.0.14 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 21.1.0.0 < 21.1.0.14"		-		Affected
Vmware Search vendor "Vmware"		Workspace One Unified Endpoint Management Search vendor "Vmware" for product "Workspace One Unified Endpoint Management"				>= 21.2.0.0 < 21.2.0.8 Search vendor "Vmware" for product "Workspace One Unified Endpoint Management" and version " >= 21.2.0.0 < 21.2.0.8"		-		Affected