Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVmwareCVELIST:CVE-2021-21973
HistoryFeb 24, 2021 - 4:42 p.m.

CVE-2021-21973

2021-02-2416:42:02
vmware
www.cve.org
1

5.8 Medium

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CNA Affected

[
  {
    "product": "VMware vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "7.x before 7.0 U1c"
      },
      {
        "status": "affected",
        "version": "6.7 before 6.7 U3l"
      },
      {
        "status": "affected",
        "version": "6.5 before 6.5 U3n"
      }
    ]
  },
  {
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.x before 4.2"
      },
      {
        "status": "affected",
        "version": "3.x before 3.10.1.2"
      }
    ]
  }
]

Related

cisa_kev 1
nvd 1
attackerkb 1
nuclei 1
cve 1
prion 1
nessus 2
githubexploit 5
checkpoint_advisories 1
ibm 1
cisa 2
vmware 1
rapid7blog 1
threatpost 1
thn 1
cisa_kev
cisa_kev
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
2022-03-07 00:00:00
nvd
nvd
CVE-2021-21973
2021-02-24 17:15:15
attackerkb
attackerkb
CVE-2021-21973
2021-02-24 00:00:00
nuclei
nuclei
VMware vSphere - Server-Side Request Forgery
2022-01-27 10:20:44
cve
cve
CVE-2021-21973
2021-02-24 17:15:15
prion
prion
Server side request forgery (ssrf)
2021-02-24 17:15:00
nessus
nessus
VMware vCenter Server SSRF (CVE-2021-21973) (Direct Check)
2022-08-23 00:00:00
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)
2021-02-25 00:00:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-04-06 10:38:40
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
checkpoint_advisories
checkpoint_advisories
VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)
2021-02-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System
2021-10-05 12:18:32
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
CISA Adds 11 Known Exploited Vulnerabilities to Catalogβ€―
2022-03-07 00:00:00
vmware
vmware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
2021-02-23 00:00:00
rapid7blog
rapid7blog
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
2021-02-24 22:22:14
threatpost
threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14:55
thn
thn
Critical RCE Flaws Affect VMware ESXi and vSphere Client β€” Patch Now
2021-02-24 07:54:00

5.8 Medium

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON
Related for CVELIST:CVE-2021-21973
cisa_kev1nvd1attackerkb1nuclei1cve1prion1nessus2githubexploit5checkpoint_advisories1ibm1cisa2vmware1rapid7blog1threatpost1thn1