漏洞描述
VMware Workspace ONE Access(以前称为VMware IdentityManager)旨在通过多因素身份验证、条件访问和单点登录,让您的员工更快地访问SaaS、Web和本机移动应用程序,该系统洞有一个服务器端请求伪造 (SSRF)漏洞,影响多个ONE UEM控制台版本,VMware已经发布针对性安全补丁。
vmware workspace存在ssrf漏洞(CVE-2021-22054)
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-22054: VMWare Workspace ONE UEM - Server-Side Request Forgery
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-22954: VMware Workspace ONE Access SSTI
- POC vmware-vcenter-lfi: VMware vCenter - Local File Inclusion
- POC vmware-vcenter-log4j-jndi-rce-temp: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-log4j-jndi-rce: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-provider-logo-ssrf: Vmware VCenter - Arbitrary File Read
- POC CVE-2022-22956: VMware Workspace ONE Access - Authentication Bypass
- POC vmware-siterecovery-log4j-rce: VMware Site Recovery Manager - Remote Code Execution (Apache Log4j)
- POC vmware-cloud-xss: VMWare Cloud - Cross Site Scripting
- POC vmware-hcx-log4j-rce: VMware HCX - Remote Code Execution (Apache Log4j)
- POC vmware-horizon-log4j-rce: VMware Horizon - JNDI Remote Code Execution (Apache Log4j)