Lucene search

[email protected]CVE-2021-21992

HistorySep 22, 2021 - 7:15 p.m.

CVE-2021-21992

2021-09-2219:15:09

[email protected]

web.nvd.nist.gov

vcenter server

denial-of-service

vulnerability

xml entity parsing

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

Affected configurations

NVD

Node

vmwarecloud_foundationRange3.0–3.10.2.2

vmwarecloud_foundationRange4.0–4.3

vmwarevcenter_serverMatch6.5-

vmwarevcenter_serverMatch6.5a

vmwarevcenter_serverMatch6.5b

vmwarevcenter_serverMatch6.5c

vmwarevcenter_serverMatch6.5d

vmwarevcenter_serverMatch6.5e

vmwarevcenter_serverMatch6.5f

vmwarevcenter_serverMatch6.5update1

vmwarevcenter_serverMatch6.5update1b

vmwarevcenter_serverMatch6.5update1c

vmwarevcenter_serverMatch6.5update1d

vmwarevcenter_serverMatch6.5update1e

vmwarevcenter_serverMatch6.5update1g

vmwarevcenter_serverMatch6.5update2

vmwarevcenter_serverMatch6.5update2b

vmwarevcenter_serverMatch6.5update2c

vmwarevcenter_serverMatch6.5update2d

vmwarevcenter_serverMatch6.5update2g

vmwarevcenter_serverMatch6.5update3

vmwarevcenter_serverMatch6.5update3d

vmwarevcenter_serverMatch6.5update3f

vmwarevcenter_serverMatch6.5update3k

vmwarevcenter_serverMatch6.5update3n

vmwarevcenter_serverMatch6.5update3p

vmwarevcenter_serverMatch6.7-

vmwarevcenter_serverMatch6.7a

vmwarevcenter_serverMatch6.7b

vmwarevcenter_serverMatch6.7d

vmwarevcenter_serverMatch6.7update1

vmwarevcenter_serverMatch6.7update1b

vmwarevcenter_serverMatch6.7update2

vmwarevcenter_serverMatch6.7update2a

vmwarevcenter_serverMatch6.7update2c

vmwarevcenter_serverMatch6.7update3

vmwarevcenter_serverMatch6.7update3a

vmwarevcenter_serverMatch6.7update3b

vmwarevcenter_serverMatch6.7update3f

vmwarevcenter_serverMatch6.7update3g

vmwarevcenter_serverMatch6.7update3j

vmwarevcenter_serverMatch6.7update3l

vmwarevcenter_serverMatch6.7update3m

vmwarevcenter_serverMatch6.7update3n

vmwarevcenter_serverMatch7.0-

vmwarevcenter_serverMatch7.0a

vmwarevcenter_serverMatch7.0b

vmwarevcenter_serverMatch7.0c

vmwarevcenter_serverMatch7.0d

vmwarevcenter_serverMatch7.0update1

vmwarevcenter_serverMatch7.0update1a

vmwarevcenter_serverMatch7.0update1c

vmwarevcenter_serverMatch7.0update1d

vmwarevcenter_serverMatch7.0update2

vmwarevcenter_serverMatch7.0update2a

vmwarevcenter_serverMatch7.0update2b

CPENameOperatorVersion
vmware:cloud_foundationvmware cloud foundationlt3.10.2.2
vmware:cloud_foundationvmware cloud foundationlt4.3
vmware:vcenter_servervmware vcenter servereq6.5
vmware:vcenter_servervmware vcenter servereq6.7
vmware:vcenter_servervmware vcenter servereq7.0

CPE	Name	Operator	Version
vmware:cloud_foundation	vmware cloud foundation	lt	3.10.2.2
vmware:cloud_foundation	vmware cloud foundation	lt	4.3
vmware:vcenter_server	vmware vcenter server	eq	6.5
vmware:vcenter_server	vmware vcenter server	eq	6.7
vmware:vcenter_server	vmware vcenter server	eq	7.0

CNA Affected

[
  {
    "product": "VMware vCenter Server, VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2021-0020.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for CVE-2021-21992

nvd1 prion1 cvelist1 ibm1 nessus3 vmware2 thn1