Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2021-21973
HistoryMar 07, 2022 - 12:00 a.m.

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

2022-03-0700:00:00
CISA
www.cisa.gov
11
vmware
vcenter server
cloud foundation
ssrf
vulnerability
url validation
information disclosure

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.137

Percentile

95.7%

JSON

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Related

nvd 1
attackerkb 1
cvelist 1
nuclei 1
prion 1
nessus 2
cve 1
githubexploit 5
checkpoint_advisories 1
ibm 1
cisa 2
rapid7blog 1
vmware 1
threatpost 1
thn 1
nvd
nvd
CVE-2021-21973
2021-02-24 17:15:15
attackerkb
attackerkb
CVE-2021-21973
2021-02-24 00:00:00
cvelist
cvelist
CVE-2021-21973
2021-02-24 16:42:02
nuclei
nuclei
VMware vSphere - Server-Side Request Forgery
2022-01-27 10:20:44
prion
prion
Server side request forgery (ssrf)
2021-02-24 17:15:00
nessus
nessus
VMware vCenter Server SSRF (CVE-2021-21973) (Direct Check)
2022-08-23 00:00:00
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)
2021-02-25 00:00:00
cve
cve
CVE-2021-21973
2021-02-24 17:15:15
githubexploit
githubexploit
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-04-06 10:38:40
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
checkpoint_advisories
checkpoint_advisories
VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)
2021-02-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System
2021-10-05 12:18:32
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
CISA Adds 11 Known Exploited Vulnerabilities to Catalogβ€―
2022-03-07 00:00:00
rapid7blog
rapid7blog
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
2021-02-24 22:22:14
vmware
vmware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
2021-02-23 00:00:00
threatpost
threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14:55
thn
thn
Critical RCE Flaws Affect VMware ESXi and vSphere Client β€” Patch Now
2021-02-24 07:54:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.137

Percentile

95.7%

JSON
Related for CISA-KEV-CVE-2021-21973
nvd1attackerkb1cvelist1nuclei1prion1nessus2cve1githubexploit5checkpoint_advisories1ibm1cisa2rapid7blog1vmware1threatpost1thn1