Fixing the Server Side Request Forgery (SSRF) Vulnerability

Dec 22, 2021

Fixing the SSRF (Server Side Request Forgery) vulnerability CVE-2021-22054

Synopsis

On 16 December 2021, a new vulnerability was discovered in the Workspace ONE UEM console, which is hosted on the Microsoft IIS web server.

The vulnerability has been published by the Common Vulnerabilities and Exposures (CVE) project as CVE-2021-22054 and has a CVSS risk score of 9.1.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22054

Let's take stock of the situation for your VMware Workspace ONE portfolio products:

Note: we describe here VMware's response for the Workspace ONE portfolio products only.

What is this SSRF vulnerability?

A malicious actor with network access to UEM can send requests to IIS without authentication and may exploit this issue to gain access to sensitive information.

VMware Response

On 16 December 2021, in response to the SSRF vulnerability, VMware published a security advisory covering all of its impacted products.
The advisory is available at the following URL:
https://www.vmware.com/security/advisories/VMSA-2021-0029.html

Please find below the list of impacted Workspace ONE Consoles:

Impacted version > Fixed version

  • 2109 > Workspace ONE UEM patch 21.9.0.13 and above
  • 2105 > Workspace ONE UEM patch 21.5.0.37 and above
  • 2102 > Workspace ONE UEM patch 21.2.0.27 and above
  • 2101 > Workspace ONE UEM patch 21.1.0.27 and above
  • 2011 > Workspace ONE UEM patch 20.11.0.40 and above
  • 2010 > Workspace ONE UEM patch 20.10.0.23 and above
  • 2008 > Workspace ONE UEM patch 20.8.0.36 and above
  • 2007 > Workspace ONE UEM patch 20.7.0.17 and above

Note: Workspace ONE Access and Unified Access Gateway are not impacted by this vulnerability, as these products are NOT based on IIS.

What solution / fix can be applied?

Option 1:
Deploy the patch associated with the supported version of Workspace ONE UEM that your on-premises environment is on. https://kb.vmware.com/s/article/87167

Option 2:
As a short-term mitigation for on-premises environments that are not yet on a patched version, the following workaround can be applied:

  1. Identify all Windows servers in the environment that have the UEM Console application installed (e.g. Device Services Server, Console Services Server).

  2. Obtain administrator-level access to the server via Remote Desktop or physical access.

  3. Patch the UEM web.config file using a text editor.
    More details on implementing this workaround can be found here:
    https://kb.vmware.com/s/article/87167
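As an added example (not part of the original post and not VMware's own tooling), the following Python helper takes the console builds you collect in step 1 and checks each one against the fixed-version table above. It assumes you read the build string from each console (e.g. its About page); the hostnames and builds in the sample inventory are constructed.

```python
"""Check Workspace ONE UEM console builds against the fixed versions from VMSA-2021-0029."""
from __future__ import annotations

# Fixed patch per impacted UEM branch, copied from the advisory table in this post.
FIXED_BUILDS: dict[str, str] = {
    "2109": "21.9.0.13",
    "2105": "21.5.0.37",
    "2102": "21.2.0.27",
    "2101": "21.1.0.27",
    "2011": "20.11.0.40",
    "2010": "20.10.0.23",
    "2008": "20.8.0.36",
    "2007": "20.7.0.17",
}

def parse_build(build: str) -> tuple[int, ...]:
    """Turn '21.9.0.13' into (21, 9, 0, 13) so builds compare numerically, not lexically."""
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected UEM build string: {build!r}")
    return tuple(int(p) for p in parts)

def branch_of(build: str) -> str:
    """Map a build to its release branch: 21.9.x.y -> '2109', 20.11.x.y -> '2011'."""
    major, minor = parse_build(build)[:2]
    return f"{major:02d}{minor:02d}"

def assess(build: str) -> str:
    """Return 'patched', 'vulnerable' or 'unlisted' for one console build."""
    fixed = FIXED_BUILDS.get(branch_of(build))
    if fixed is None:
        return "unlisted"  # branch absent from the advisory table: review manually
    return "patched" if parse_build(build) >= parse_build(fixed) else "vulnerable"

def assess_inventory(inventory: dict[str, str]) -> dict[str, str]:
    """Assess every console server in a {hostname: build} mapping (step 1 output)."""
    return {host: assess(build) for host, build in inventory.items()}

# Constructed sample inventory: hostnames and builds are made up for this example.
SAMPLE_INVENTORY = {
    "uem-console-01": "21.9.0.13",  # exactly the fixed build
    "uem-ds-01": "21.9.0.12",       # one patch behind
    "uem-console-02": "20.11.0.9",  # string compare would call '9' > '40'; numerically behind
    "uem-legacy": "20.4.0.5",       # branch 2004 is not in the table
}

if __name__ == "__main__":
    for host, verdict in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Builds reported as "unlisted" belong to branches the advisory does not cover and should be reviewed against the VMware KB rather than assumed safe.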

Impact of changes with the workaround

  • Application icons will not display on Console screens when searching public applications.
  • The IIS reset will log out administrators who are logged in to the server being patched.
  • There will be no impact on managed devices.

Note: the VMware Cloud Operations team will implement this fix for all SaaS environments.

Those workarounds are therefore temporary until a patch is made available by VMware.

If you have any doubts or questions about this subject, feel free to contact us as soon as possible: info@mobinergy.com

Stay tuned for more useful tips & tricks!
