CVSSv3: 7.5

CVE-2021-21980

Published: 24/11/2021 Updated: 12/07/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Vulnerable Product

vmware vcenter server 6.5

vmware vcenter server 6.7

vmware cloud foundation 3.0

Github Repositories

A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.

westone-CVE-2022-1388-scanner
Undisclosed requests may bypass iControl REST authentication.
Installation & Usage:
git clone github.com/Osyanina/westone-CVE-2021-21980-scanner.git
cd westone-CVE-2022-1388-scanner
cmd CVE-2022-1388.exe

A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.

westone-CVE-2021-21980-scanner
VMware vCenter earlier versions (70200100) has unauthorized arbitrary file read + ssrf + xss vulnerability.
Installation & Usage:
git clone github.com/Osyanina/westone-CVE-2021-21980-scanner.git
cd westone-CVE-2021-21980-scanner
cmd CVE-2021-21980.exe

vcenter AMF object deserialization exploit

LongTail-AMF
Vcenter AMF object deserialization exploit
Requirement: github.com/RandomRobbieBF/marshalsec-jar
Usage: python3 longtail.py targetip targetport attackip attackerport
Authors: D0rkerDevil, wabafet1
This is for educational purposes. Authors are not responsible for any damages.
Reference: attackerkb.com/