CVE-2021-22017

Published: 23/09/2021 | Updated: 27/09/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Rhttproxy, as used in vCenter Server, contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass the proxy, leading to internal endpoints being accessed.

Vulnerable Product

vmware vcenter server 6.7

Recent Articles

Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware
The Register • Simon Sharwood, APAC Editor • 22 Sep 2021

File upload vuln lets miscreants hijack vCenter Server - and is being exploited in the wild

Update VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround. The bug is one of 19 disclosed today by VMware. The worst of the bunch is CVE-2021-22005, described as "an arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server. The flaw is rated 9.8/10 in severity using the Common Vulnerability Scoring System. "A malicious actor with net...