theinfosecnews

CVE-2021-22054

CISA KEV

Published March 9, 2026 · Updated April 3, 2026

Severity: high

What This Means

**CVE-2021-22054: Workspace One UEM Server-Side Request Forgery**

Omnissa Workspace One UEM contains an unauthenticated SSRF vulnerability that allows an attacker with network access to the UEM server to forge requests and access sensitive information without credentials. An attacker can abuse this flaw to reach internal resources, exfiltrate data, or pivot to backend systems that the UEM instance can communicate with.

**Action Required:** Identify all Workspace One UEM deployments in your environment and apply the available patches from Omnissa immediately. If patching is delayed, restrict network access to the UEM administration interfaces and monitor for suspicious outbound connections from UEM servers to internal resources. Review UEM logs for unauthenticated request patterns or requests to unexpected internal IPs or hostnames.
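The monitoring step above, worked as an added example (not code from the original alert or from Omnissa): it scans constructed egress-proxy log lines for requests leaving a UEM host toward anything outside an allowlist of expected backends, and labels private, loopback and link-local (cloud metadata) destinations, which is the pattern an SSRF pivot leaves behind. The log format, the `EXPECTED_HOSTS` allowlist and all addresses are assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed outbound-connection records, as an egress proxy or host firewall in
# front of a UEM server might log them (not Workspace ONE UEM's own log format).
SAMPLE_LOG = """\
2026-03-10T08:01:12Z src=10.20.5.15 method=GET url=https://api.mdm-vendor.example/v1/devices status=200
2026-03-10T08:01:15Z src=10.20.5.15 method=GET url=http://10.20.1.7:8080/admin/config status=200
2026-03-10T08:01:19Z src=10.20.5.15 method=GET url=http://169.254.169.254/latest/meta-data/ status=200
2026-03-10T08:01:22Z src=10.20.5.15 method=GET url=http://localhost:9200/_cat/indices status=200
2026-03-10T08:01:30Z src=10.20.5.15 method=GET url=https://db-backend.corp.example/health status=200
"""

# Hypothetical allowlist: every backend the UEM server legitimately reaches.
EXPECTED_HOSTS = {"api.mdm-vendor.example", "db-backend.corp.example"}

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) method=(?P<method>\S+) "
                     r"url=(?P<url>\S+) status=(?P<status>\d+)$")

def classify_host(host):
    """Return why a destination looks like an internal target, or None for a plain DNS name."""
    if host.lower() in ("localhost", "metadata.google.internal"):
        return "loopback-or-metadata-name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name; judged by the allowlist alone
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (cloud metadata range)"
    if ip.is_private:
        return "private (RFC 1918 / ULA)"
    return None

def find_suspicious(log_text):
    """Flag outbound requests from the UEM host to anything outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = urlsplit(m["url"]).hostname or ""
        if host in EXPECTED_HOSTS:
            continue
        reason = classify_host(host) or "destination not in allowlist"
        hits.append({"ts": m["ts"], "src": m["src"], "host": host, "reason": reason})
    return hits
```

Run over the sample, it reports the three requests to 10.20.1.7, 169.254.169.254 and localhost and stays silent on the two allowlisted backends.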

Official Description

Omnissa Workspace One UEM, formerly known as VMware Workspace One UEM, contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Affected Products

| Vendor  | Product           |
|---------|-------------------|
| Omnissa | Workspace One UEM |

Patch Status

Patch by 2026-03-23

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2021-22054.

Related Coverage


CVE-2021-22054: Unauthenticated SSRF in Omnissa Workspace ONE UEM Exposes Internal Networks

CVE-2021-22054 is an unauthenticated server-side request forgery vulnerability in Omnissa Workspace ONE UEM that allows network-adjacent attackers to forge requests through the UEM server and access sensitive internal resources without credentials. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a federal patch deadline of March 23, 2026. Organizations should apply Omnissa patches immediately, restrict network access to UEM management interfaces, and hunt for signs of prior exploitation in UEM and network logs.
