CISA has added CVE-2021-22054 to its Known Exploited Vulnerabilities (KEV) catalogue. The catalogue lists the vendor as Omnissa and the product as Workspace ONE UEM; the flaw was originally disclosed by VMware in 2021, before its end-user computing products moved to Omnissa. The vulnerability, Omnissa Workspace ONE Server-Side Request Forgery, allows a malicious actor with network access to the UEM console to send requests without authentication, and it may be exploited to gain access to sensitive information.
Technically, the flaw is a server-side request forgery (SSRF) in the Workspace ONE UEM console. An unauthenticated attacker who can reach the console can make the server issue HTTP requests on the attacker's behalf, which is dangerous because the server typically has network reach (internal services, backend APIs, cloud metadata endpoints) that the attacker does not, and any data returned from those targets may be exposed. NVD assigns a CVSS v3 base score of 7.5 (High). Patched builds are available; remediation should follow VMware advisory VMSA-2021-0029, which lists the fixed versions and the vendor mitigations.
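To make the defensive side of the paragraph concrete, the following is an added example (not Workspace ONE UEM code, and not from the vendor advisory) of the kind of egress guard that stops a server from being turned into a request proxy: a strict allowlist of scheme, host and port, plus rejection of IP literals in loopback, link-local, private and other non-routable ranges. The allowed hosts and ports are assumptions for the demonstration, and the sample URLs are constructed test inputs.

```python
"""SSRF egress guard: validate a URL before a server fetches it on a user's behalf.

Added illustration, not code from Workspace ONE UEM or from VMSA-2021-0029.
The allowlist below is an assumption chosen for the example.
"""
import ipaddress
import urllib.request
from urllib.parse import urlsplit

# Assumed policy: the server only needs to talk to these upstreams over HTTPS.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_PORTS = {443}


def is_non_routable_ip(host: str) -> bool:
    """True if `host` is an IP literal in a range a server should never be sent to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; the host allowlist decides below
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url: str):
    """Return (ok, reason). Only URLs that pass every check may be fetched."""
    parts = urlsplit(url)
    # file:, gopher:, plain http: and anything else are refused outright.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme"
    # "https://api.example.com@10.0.0.5/" parses the allowlisted name as userinfo
    # and the real target as the host; refuse userinfo entirely.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo"
    host = parts.hostname  # lowercased; IPv6 brackets already stripped
    if not host:
        return False, "no host"
    if is_non_routable_ip(host):
        return False, "internal address"
    # The allowlist is the real control: decimal/octal IP encodings and
    # lookalike domains all fail here even if they slip past the IP check.
    if host not in ALLOWED_HOSTS:
        return False, "host not allowlisted"
    try:
        port = parts.port
    except ValueError:
        return False, "bad port"
    if port is None:
        port = 443
    if port not in ALLOWED_PORTS:
        return False, "port"
    return True, "ok"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects: a validated URL must not be allowed to bounce to an
    internal target after the check has passed."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def guarded_fetch(url: str, timeout: float = 5.0) -> bytes:
    """Fetch `url` only if it passes validation; redirects are not followed.
    Caveat: a name that resolves to an internal address (DNS rebinding) is
    not caught here; resolve and re-check the address at connect time for that."""
    ok, reason = validate_outbound_url(url)
    if not ok:
        raise ValueError(f"refusing to fetch {url!r}: {reason}")
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    # Constructed inputs showing what the guard accepts and refuses.
    for sample in [
        "https://api.example.com/v1/devices",
        "http://169.254.169.254/latest/meta-data/",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::1]/admin",
        "https://api.example.com@10.0.0.5/",
        "https://api.example.com:8443/",
        "file:///etc/passwd",
    ]:
        print(sample, "->", validate_outbound_url(sample))
```

The allowlist, rather than the blocklist of address ranges, is what carries the weight: alternate IP encodings, lookalike domains and cloud metadata hostnames all fail the host check regardless of how they are spelled. The guard still trusts DNS; for hosts that may be rebound to internal addresses, the resolved address has to be checked again at connection time.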
Active exploitation has been confirmed, which is the basis for its inclusion in KEV. The catalogue lists its known use in ransomware campaigns as "Unknown". The remediation due date is 2026-03-23. Because a fix has existed since the 2021 advisory, any console still exploitable today is one that was never updated; organisations should inventory self-hosted Workspace ONE UEM consoles, especially those reachable from the internet, and prioritise applying the vendor patches and mitigations.
CISA’s required remediation action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The due date is binding on Federal Civilian Executive Branch (FCEB) agencies under BOD 22-01; all other organisations are advised to review their exposure and update protections on the same timeline.
Readers should consult the linked NVD entry and the CISA KEV catalogue for full details: https://nvd.nist.gov/vuln/detail/CVE-2021-22054 and https://www.cisa.gov/known-exploited-vulnerabilities-catalog.