Vulnerability Details CVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-22056
-
cpe:2.3:a:vmware:identity_manager:3.3.3
-
cpe:2.3:a:vmware:identity_manager:3.3.4
-
cpe:2.3:a:vmware:identity_manager:3.3.5
-
cpe:2.3:a:vmware:vrealize_automation:7.6
-
cpe:2.3:a:vmware:vrealize_automation:8.0
-
cpe:2.3:a:vmware:vrealize_automation:8.1
-
cpe:2.3:a:vmware:vrealize_automation:8.2
-
cpe:2.3:a:vmware:vrealize_automation:8.3
-
cpe:2.3:a:vmware:vrealize_automation:8.4
-
cpe:2.3:a:vmware:vrealize_automation:8.5
-
cpe:2.3:a:vmware:vrealize_automation:8.6
-
cpe:2.3:a:vmware:workspace_one_access:20.10
-
cpe:2.3:a:vmware:workspace_one_access:20.10.01
-
cpe:2.3:a:vmware:workspace_one_access:21.08
-
cpe:2.3:a:vmware:workspace_one_access:21.08.01
-
cpe:2.3:o:linux:linux_kernel:-