Description: VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.
CVE-2021-21990
Published Date: 2021-05-11T14:15Z
Last Modified: 2022-06-05T02:10Z
CVSS Score: 6.1 (MEDIUM)
EPSS Score: 0.11%
Risk Score: 4.27 (MEDIUM)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
CVSS:
6.1 |
EPSS:
0.11%
Mitre ATT&CK Technical v15.1
T1064 – Scripting
T1053.002 – At
Technical Analysis & Mitigation Measures
Reference Links
Vendor - Produce - Version
workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware, workspace_one_unified_endpoint_management - vmware
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.