THE Known Exploited Vulnerabilities Catalog lists CVE-2021-22054 as Omnissa Workspace One Server-Side Request Forgery affecting Omnissa Workspace One UEM, which could allow a malicious actor with network access to send requests without authentication and access sensitive information. The entry notes a related CWE: CWE-918 and states it is Unknown whether it is used in ransomware campaigns.
It provides an action to apply mitigations per vendor instructions, follow applicable guidance for cloud services, or discontinue use if mitigations are unavailable. Date Added is 9 March 2026 with a Due Date of 23 March 2026. According to CISA, the catalog is maintained to help organisations prioritise vulnerability management and is available in CSV, JSON, and JSON Schema formats for data integration.