Skip to content

Defense Digests

VMware Workspace ONE UEM Console Vulnerability

Dataprise Defense Digest 550x550

Table of content


On December 16th 2021, VMware published a known vulnerability in their Workspace ONE UEM Console that if exploited successfully, would grant a malicious actor access to sensitive data.

Workspace ONE Unified Endpoint Management (ONE UEM) is a VMware solution for over-the-air remote management of desktops, mobile, rugged, wearables, and IoT devices.

This vulnerability affects both, on-prem and SAAS versions of the product. VMware has catalogued this vulnerability as Critical (9.1/10) and encourages immediate remediation by updating the affected products to the newest version, and/or following mitigation workaround procedures outlined below (see MITIGATION).

Dataprise Defense Digest

ID: D3-2021-0016-1

Severity: 9.1 (Critical)

Published: December 17, 2021



Precise impact analysis has not been released by VMware, but depending on the deployed integration level, malicious actors may be able to gain access to credentials, emails, phone numbers, account information, files, organizational structures, etc.


Very few details have been released up until the writing of this article. However, it is known that this vulnerability can be abused without user interaction (automated attacks), allowing to fully bypass authentication on vulnerable systems, granting an unknown level of access to information  contained within the system, external connectors or endpoints managed by it.


Vulnerable versions are outlined in the chart below, to check your console version:
– Log in to your dashboard, click on “about” and read the version information.

Impacted Version

Fixed Version

2109 Workspace ONE UEM patch and above
2105 Workspace ONE UEM patch above
2102 Workspace ONE UEM patch above
2101 Workspace ONE UEM patch and above
2011 Workspace ONE UEM patch above
2010 Workspace ONE UEM patch and above
2008 Workspace ONE UEM patch above
2007 Workspace ONE UEM patch and above


The recommended course of action is to follow upgrade & update procedures if possible.

In case an update is not possible, VMware has outlined the following steps as a workaround:

[Resolved] CRSVC-25521 – Workspace ONE UEM – Guidance for addressing CVE-2021-22054 (87167) (



View all Dataprise Defense Digests here.

Recent Tweets


Learn about the latest threats and vulnerabilities with our D3 alerts.

Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.