-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2025-050 Product: Workspace ONE UEM Manufacturer: Omnissa Affected Version(s): 24.6.0.21 Tested Version(s): 24.6.0.21 Vulnerability Type: Insufficient Logging (CWE-778) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2025-07-18 Solution Date: 2025-11-12 Public Disclosure: 2026-02-13 CVE Reference: Not yet assigned Author of Advisory: Philipp Buchegger, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Omnissa Workspace ONE is a software for managing endpoint devices. The manufacturer describes the product as follows (see [1]): "Manage, secure and monitor all devices across all platforms. [...] With Omnissa Workspace ONE®, your organization can ease the operational burden on your IT workforce via an autonomous workspace, freeing them to focus on higher-value tasks." Due to insufficient logging, attacks against an internet-exposed API may not be detected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: In the default configuration, authentication attempts via the API endpoint "/DeviceServices/awmdmsdk/v3/shareddevice/checkout/authenticate" that is used for the Hub app are not logged or monitored. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): SySS performed a bruteforce attack using the internet-exposed API (also see SYSS-2025-048 [3]) which was not logged within Workspace ONE UEM. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Enable logging for all authentication attempts. See https://www.omnissa.com/omsa-2025-0005 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2025-07-15: Vulnerability discovered 2025-07-18: Vulnerability reported to manufacturer 2025-09-10: Patch released by manufacturer 2026-02-13: Public disclosure of vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product website for Omnissa Workspace ONE for Unified Endpoint Management https://go.omnissa.com/Workspace-ONE-for-UEM [2] SySS Security Advisory SYSS-2025-050 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-050.txt [3] SySS Security Advisory SYSS-2025-048 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-048.txt [4] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Philipp Buchegger and Sebastian Auwärter of SySS GmbH. E-Mail: philipp buchegger@syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Philipp_Buchegger.asc Key ID: 0x065809F0BB6747E8 Key Fingerprint: 489F 34EE FA88 27DE 69A0 756B 0658 09F0 BB67 47E8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS website. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 4.0 URL: https://creativecommons.org/licenses/by/4.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEESJ807vqIJ95poHVrBlgJ8LtnR+gFAmmPHQIACgkQBlgJ8Ltn R+hZhBAAwdW6tmN4HlJ//w40ymoPc/GC2egxlJpH1YHywmMpC/aUqeP39eDq33ic a3ZhXbIfMuMtEnuSeD4GZsLS5FBH/mummkFHMGXALYng4BVICPGB5rKmwimKzz0U 3nDm9hSB1UvZHvAZc+UibhPbZM2XhdyRUga/FbAM+iSbnW6Zo75RrDEY3PFJWQd7 3QNhhteo0/wXlqG7EvDv38m1LKGwF3dCN0zE3ll9Hp0a0fpJwKVp+NuN1tGcNERn dYoTTlcgih3I3PTAwSHb6ysEJpUN3XnGJ2YJiZxK5vQb1ymFRBiUOmAMbWLz6gSr 279Nw5+djAbPZS4oODghxcw3cCz0TvwFfLkpDvsPREtMIA2JK6RYTHLriknHck3x k6vxFwsul+awi9P9LAYDq7bh93yOSaXb84NW/s6VBljzNlcaVDSvb0+DS52DSed2 5/D/Zx5WBAqzga/hmA1vxd/uf6VdfWovCNybG8I6uvp//3ozJgLB7wcTZEUQjUDo 7xC0002sUZcMxr+ujDaU+kKoOIcOLb58a7N4ui8XslMu4indbKXXJM36/gB+p9EL Z44T6frYIkb/m9M7yh80ZXgbD7wEyB61XLjws22TcqIpjxm8vmTA7A6BHqB/r99X eWhrE7d5Q7mqXQHaZkSqRBcgELZhQWzNBH2sCrdQXDP5b/R4+/I= =y+69 -----END PGP SIGNATURE-----