VMware Security Announcement VMSA-2021-0008, CVSSv3 score 3.7

A new VMware security advisory, VMSA-2021-0008, was released today. It affects the VMware Workspace ONE UEM console; the patches address a cross-site scripting vulnerability (CVE-2021-21990).

Impacted Products

VMware Workspace ONE UEM console

Introduction

A cross-site scripting vulnerability in VMware Workspace ONE UEM console was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

Cross Site Scripting (XSS) vulnerability in VMware Workspace ONE UEM console (CVE-2021-21990)

Description

VMware Workspace ONE UEM console does not validate an incoming request during device enrollment. VMware has evaluated the severity of this issue to be in the low severity range with a maximum CVSSv3 base score of 3.7.

Known Attack Vectors

A malicious actor may be able to inject code or redirect a user to another site during the enrollment process.

Resolution

For VMware Workspace ONE UEM Console Version 1912, apply fixed version 19.12.0.24. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2001, apply fixed version 20.1.0.32. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2003, apply fixed version 20.3.0.23. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2004, apply fixed version 20.4.0.21. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2005, apply fixed version 20.5.0.46. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2006, apply fixed version 20.6.0.19. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2007, apply fixed version 20.7.0.14. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2008, apply fixed version 20.8.0.28. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2010, apply fixed version 20.10.0.16. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2011, apply fixed version 20.11.0.27. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2101, apply fixed version 21.1.0.14. Download links will be provided below.

For VMware Workspace ONE UEM Console Version 2102, apply fixed version 21.2.0.8. Download links will be provided below.
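
To check an inventory of consoles against the list above, the following added example (not VMware's code) compares an installed build with the fixed build for its release. It assumes the console version is available as a four-part string in the same form as the fixed versions listed here; the hostnames and installed versions in the sample inventory are constructed.

```python
# Added example: fixed builds copied from the Resolution list in this post.
FIXED_BUILDS = {
    "1912": "19.12.0.24", "2001": "20.1.0.32", "2003": "20.3.0.23",
    "2004": "20.4.0.21", "2005": "20.5.0.46", "2006": "20.6.0.19",
    "2007": "20.7.0.14", "2008": "20.8.0.28", "2010": "20.10.0.16",
    "2011": "20.11.0.27", "2101": "21.1.0.14", "2102": "21.2.0.8",
}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part console version: {text!r}")
    return tuple(int(p) for p in parts)


def release_train(version):
    """Map (20, 1, 0, 32) to the release name used in the post, '2001'."""
    return f"{version[0]:02d}{version[1]:02d}"


def assess(installed):
    """Return (status, fixed_build) for one installed console version."""
    version = parse_version(installed)
    fixed = FIXED_BUILDS.get(release_train(version))
    if fixed is None:
        # Release not named in the post: no fixed build to compare against.
        return ("not-listed", None)
    # Compare numerically: as strings, '20.10.0.9' would sort above '20.10.0.16'.
    if version >= parse_version(fixed):
        return ("patched", fixed)
    return ("needs-patch", fixed)


if __name__ == "__main__":
    # Constructed inventory (hypothetical hostnames and installed versions).
    inventory = {
        "uem-console-01": "20.1.0.31",
        "uem-console-02": "20.10.0.9",
        "uem-console-03": "21.2.0.8",
        "uem-console-04": "20.9.0.5",
    }
    for host, installed in inventory.items():
        status, fixed = assess(installed)
        print(f"{host}: {installed} -> {status} (fixed build: {fixed})")
```

A "not-listed" result means the release does not appear in this post, so the official advisory should be consulted for that console.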

References

Fixed Version(s) and Release Notes:

VMware Workspace ONE UEM console 2102 - On-Prem
https://resources.workspaceone.com/view/48ktw9p6spmq8dflll49/en

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html#21-2-0-8-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2101 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2101/rn/Workspace-ONE-UEM-2101-Release-Notes.html#21-1-0-14-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2011 - On-Prem

https://resources.workspaceone.com/view/pdwkjgfsb8b57cxvfnpd/en
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/rn/VMware-Workspace-ONE-UEM-Release-Notes-2011.html#20-11-0-27-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2010 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2010/rn/VMware-Workspace-ONE-UEM-Release-Notes-2010.html#20-10-0-16-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2008 - On-Prem

https://resources.workspaceone.com/view/5qtfg6xhrkcp6vp4t4l7/en

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/rn/VMware-Workspace-ONE-UEM-Release-Notes-2008.html#20-8-0-28-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2007 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2007/rn/VMware-Workspace-ONE-UEM-Release-Notes-2007.html#20-7-0-14-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2006 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2006/rn/VMware-Workspace-ONE-UEM-Release-Notes-2006.html#20-6-0-19-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2005 - On-Prem

https://resources.workspaceone.com/view/3s4wvw2b3wp5mfs3y8s7/en

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/rn/VMware-Workspace-ONE-UEM-Release-Notes-2005.html#20-5-0-46-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2004 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2004/rn/VMware-Workspace-ONE-UEM-Release-Notes-2004.html#20-4-0-21-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 2003 - Cloud Only

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2003/rn/VMware-Workspace-ONE-UEM-Release-Notes-2003.html#20-3-0-23-patch-resolved-issue-resolved

VMware Workspace ONE UEM console 2001 - On-Prem

https://resources.workspaceone.com/view/zmbk3nnwjhfr8jhkhyjc/en

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2001/rn/VMware-Workspace-ONE-UEM-Release-Notes-2001.html#20-1-0-32-patch-resolved-issues-resolved

VMware Workspace ONE UEM console 1912 - Cloud Only
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1912/rn/VMware

Official Advisory

VMSA-2021-0008 (vmware.com)

Thanks for reading!