CVE-2021-22054 PoC — Vmware Workspace One 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22054.yaml

Associated Vulnerability

Title:Vmware Workspace One 代码问题漏洞 (CVE-2021-22054)
Description:Vmware Vmware Workspace One是美国Vmware公司的一个用于支持跨设备应用于快速交付、管理应用程序的平台。该平台包含VMware Horizon 和 VMware Horizon Cloud，将访问控制、应用程序管理和多平台端点管理集成到一个平台中，可高效管理多个设备。 VMware Workspace ONE UEM 存在代码问题漏洞，该漏洞源于VMware Workspace ONE UEM控制台20.0.8之前的20.0.8.37、20.11.0之前的20.11.0.40、

Description

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

File Snapshot


 id: CVE-2021-22054

info:
  name: VMWare Workspace ONE UEM - Server-Side Request Forgery
  author: h

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!