CVE-2021-21993

CVE Database · CVE-2021-21993

CVE-2021-21993

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.91%

Published

Sep 23, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-918

Affected Products (4)

vmware · cloud_foundation (up to 5.0)vulnerable

vmware · vcenter_servervulnerable

References (2)

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs