Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_VCENTER_CVE-2021-21973.NBIN
HistoryAug 23, 2022 - 12:00 a.m.

VMware vCenter Server SSRF (CVE-2021-21973) (Direct Check)

2022-08-2300:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.163 Low

EPSS

Percentile

96.0%

JSON

A server-side request forgery vulnerability exists in the VMware vCenter vSphere HTML5 client due to improper validation of URLs in a vCenter Server plugin. An unauthenticated, remote attacker can exploit this, via HTTPS, leading to information disclosure.

Binary data vmware_vcenter_cve-2021-21973.nbin
VendorProductVersionCPE
vmwarevcenter_servercpe:/a:vmware:vcenter_server

Related

cisa_kev 1
nvd 1
attackerkb 1
nuclei 1
cvelist 1
cve 1
prion 1
nessus 1
githubexploit 5
checkpoint_advisories 1
ibm 1
cisa 2
vmware 1
rapid7blog 1
threatpost 1
thn 1
cisa_kev
cisa_kev
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
2022-03-07 00:00:00
nvd
nvd
CVE-2021-21973
2021-02-24 17:15:15
attackerkb
attackerkb
CVE-2021-21973
2021-02-24 00:00:00
nuclei
nuclei
VMware vSphere - Server-Side Request Forgery
2022-01-27 10:20:44
cvelist
cvelist
CVE-2021-21973
2021-02-24 16:42:02
cve
cve
CVE-2021-21973
2021-02-24 17:15:15
prion
prion
Server side request forgery (ssrf)
2021-02-24 17:15:00
nessus
nessus
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)
2021-02-25 00:00:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-04-06 10:38:40
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
checkpoint_advisories
checkpoint_advisories
VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)
2021-02-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System
2021-10-05 12:18:32
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
CISA Adds 11 Known Exploited Vulnerabilities to Catalogβ€―
2022-03-07 00:00:00
vmware
vmware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
2021-02-23 00:00:00
rapid7blog
rapid7blog
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
2021-02-24 22:22:14
threatpost
threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14:55
thn
thn
Critical RCE Flaws Affect VMware ESXi and vSphere Client β€” Patch Now
2021-02-24 07:54:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.163 Low

EPSS

Percentile

96.0%

JSON
Related for VMWARE_VCENTER_CVE-2021-21973.NBIN
cisa_kev1nvd1attackerkb1nuclei1cvelist1cve1prion1nessus1githubexploit5checkpoint_advisories1ibm1cisa2vmware1rapid7blog1threatpost1thn1