๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
Summary
Omnissa Workspace One UEM contains a server-side request forgery vulnerability (SSRF, a flaw that lets attackers make unauthorized requests through a server to access internal systems). An attacker with network access could exploit this to send requests without authentication and steal sensitive information. This vulnerability is currently being exploited in real attacks.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 93.7%
๐ฅ Actively Exploited
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-22054
First tracked: March 9, 2026 at 04:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%