Unrated severityNVD Advisory· Published Dec 20, 2021· Updated Aug 3, 2024

CVE-2021-22056

Description

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An SSRF vulnerability in VMware Workspace ONE Access and Identity Manager allows an attacker with network access to make HTTP requests to arbitrary origins and read the full response.

Vulnerability

An SSRF vulnerability exists in VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10, and in VMware Identity Manager versions 3.3.5, 3.3.4, and 3.3.3. The vulnerability allows a malicious actor with network access to make HTTP requests to arbitrary origins and read the full response [1].

Exploitation

An attacker requires network access to the affected server. No authentication is mentioned as a prerequisite. The attacker can craft HTTP requests to arbitrary URLs, potentially including internal services or cloud metadata endpoints, and receive the full response [1].

Impact

Successful exploitation can lead to disclosure of sensitive information from internal systems, such as cloud provider metadata or other internal service responses, due to the ability to read the full response from arbitrary origins [1].

Mitigation

VMware released patches to address this vulnerability. The advisory recommends updating Workspace ONE Access to versions 21.08.0.1, 20.10.0.2, or later, and Identity Manager to versions 3.3.6 or later [1].

References

Support Content Notification - Support Portal - Broadcom support portal

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

VMware/Workspace ONE Accessdescription
VMware/Workspace One Accessllm-fuzzy
Range: = 21.08, 20.10.0.1, 20.10
VMware/Identity Managerllm-fuzzy
Range: = 3.3.5, 3.3.4, 3.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2021-0030.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000