CVE-2021-21993

Published: 23/09/2021 Updated: 27/09/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

Vulnerable Product

vmware cloud foundation

vmware vcenter server 6.5

vmware vcenter server 6.7

vmware vcenter server 7.0

Recent Articles

Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware
The Register • Simon Sharwood, APAC Editor • 22 Sep 2021

File upload vuln lets miscreants hijack vCenter Server - and is being exploited in the wild

Update VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround. The bug is one of 19 disclosed today by VMware. The worst of the bunch is CVE-2021-22005, described as "an arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server. The flaw is rated 9.8/10 in severity using the Common Vulnerability Scoring System. "A malicious actor with net...