Moderate
A denial of service vulnerability in VMware Workspace ONE UEM console was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Description
Known Attack Vectors
A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting.
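The following detection sketch is an added example, not code from VMware or from this advisory. It counts requests to /API/system/admins/session per client in a sliding window and reports clients that exceed a threshold. The log field order (W3C-style: date time c-ip cs-method cs-uri-stem sc-status), the 60-second window, the threshold of 5, and the sample lines are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "/api/system/admins/session"  # path named in the advisory, lower-cased for matching
WINDOW = timedelta(seconds=60)           # assumption: sliding window length
THRESHOLD = 5                            # assumption: max requests per client per window

def parse(line):
    """Return (timestamp, client_ip, uri_stem), or None for comment/malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) < 6:
        return None
    try:
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[4]

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: peak requests to ENDPOINT in one window} for clients over threshold."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2].lower().rstrip("/") != ENDPOINT:
            continue
        ts, ip, _ = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not captured from a real system."""
    t0 = datetime(2021, 8, 20, 10, 0, 0)
    row = "{:%Y-%m-%d %H:%M:%S} {} {} {} {}".format
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem sc-status"]
    # One client sends 8 session requests in 8 seconds; another sends 3, 90 seconds apart.
    lines += [row(t0 + timedelta(seconds=i), "192.0.2.10", "POST", "/API/system/admins/session", 200) for i in range(8)]
    lines += [row(t0 + timedelta(seconds=90 * i), "198.51.100.7", "POST", "/api/system/admins/session", 200) for i in range(3)]
    # Heavy traffic to a different (hypothetical) path is ignored.
    lines += [row(t0 + timedelta(seconds=i), "203.0.113.5", "GET", "/API/other", 200) for i in range(20)]
    return lines

if __name__ == "__main__":
    print(find_bursts(constructed_sample()))
```

The threshold should be tuned against the normal request rate for this endpoint in the environment being monitored.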
Resolution
Fixes for CVE-2021-22029 are documented in the 'Fixed Version' column of the 'Response Matrix' below.
Workarounds
None.
Additional Documentation
A Knowledge Base article, with information relating to /API/system/admins/session, is listed in the 'Additional Documentation' column of the 'Response Matrix' below.
Notes
None.
Acknowledgements
None.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Workspace ONE UEM console | 2105 | Any | CVE-2021-22029 | 5.3 | moderate | 21.5.0.2 | None | |
VMware Workspace ONE UEM console | 2102 | Any | CVE-2021-22029 | 5.3 | moderate | 21.2.0.14 | None | |
VMware Workspace ONE UEM console | 2011 | Any | CVE-2021-22029 | 5.3 | moderate | 20.11.0.30 | None | |
VMware Workspace ONE UEM console | 2008 | Any | CVE-2021-22029 | 5.3 | moderate | 20.0.8.32 | None | |
VMware Workspace ONE UEM console | 2005 | Any | CVE-2021-22029 | 5.3 | moderate | 20.5.0.51 | None | |
VMware Workspace ONE UEM console | 2001 | Any | CVE-2021-22029 | 5.3 | moderate | 20.1.0.33 | None | |
Fixed Version(s) and Release Notes:
VMware Workspace ONE UEM console 2105
https://resources.workspaceone.com/view/7xw2l35h6fc2pyfjgcnx/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html
VMware Workspace ONE UEM console 2102
https://resources.workspaceone.com/view/48ktw9p6spmq8dflll49/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html
VMware Workspace ONE UEM console 2011
https://resources.workspaceone.com/view/pdwkjgfsb8b57cxvfnpd/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/rn/VMware-Workspace-ONE-UEM-Release-Notes-2011.html
VMware Workspace ONE UEM console 2008
https://resources.workspaceone.com/view/5qtfg6xhrkcp6vp4t4l7/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/rn/VMware-Workspace-ONE-UEM-Release-Notes-2008.html
VMware Workspace ONE UEM console 2005
https://resources.workspaceone.com/view/3s4wvw2b3wp5mfs3y8s7/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/rn/VMware-Workspace-ONE-UEM-Release-Notes-2005.html
VMware Workspace ONE UEM console 2001
https://resources.workspaceone.com/view/zmbk3nnwjhfr8jhkhyjc/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2001/rn/VMware-Workspace-ONE-UEM-Release-Notes-2001.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22029
FIRST CVSSv3 Calculator:
CVE-2021-22029 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2021-08-19 VMSA-2021-0017
Initial security advisory.
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
E-mail: security@vmware.com
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2021 VMware Inc. All rights reserved.