Lucene search

[email protected]NVD:CVE-2021-21992

HistorySep 22, 2021 - 7:15 p.m.

CVE-2021-21992

2021-09-2219:15:09

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.1%

JSON

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

Affected configurations

NVD

Node

vmwarecloud_foundationRange3.0–3.10.2.2

vmwarecloud_foundationRange4.0–4.3

vmwarevcenter_serverMatch6.5-

vmwarevcenter_serverMatch6.5a

vmwarevcenter_serverMatch6.5b

vmwarevcenter_serverMatch6.5c

vmwarevcenter_serverMatch6.5d

vmwarevcenter_serverMatch6.5e

vmwarevcenter_serverMatch6.5f

vmwarevcenter_serverMatch6.5update1

vmwarevcenter_serverMatch6.5update1b

vmwarevcenter_serverMatch6.5update1c

vmwarevcenter_serverMatch6.5update1d

vmwarevcenter_serverMatch6.5update1e

vmwarevcenter_serverMatch6.5update1g

vmwarevcenter_serverMatch6.5update2

vmwarevcenter_serverMatch6.5update2b

vmwarevcenter_serverMatch6.5update2c

vmwarevcenter_serverMatch6.5update2d

vmwarevcenter_serverMatch6.5update2g

vmwarevcenter_serverMatch6.5update3

vmwarevcenter_serverMatch6.5update3d

vmwarevcenter_serverMatch6.5update3f

vmwarevcenter_serverMatch6.5update3k

vmwarevcenter_serverMatch6.5update3n

vmwarevcenter_serverMatch6.5update3p

vmwarevcenter_serverMatch6.7-

vmwarevcenter_serverMatch6.7a

vmwarevcenter_serverMatch6.7b

vmwarevcenter_serverMatch6.7d

vmwarevcenter_serverMatch6.7update1

vmwarevcenter_serverMatch6.7update1b

vmwarevcenter_serverMatch6.7update2

vmwarevcenter_serverMatch6.7update2a

vmwarevcenter_serverMatch6.7update2c

vmwarevcenter_serverMatch6.7update3

vmwarevcenter_serverMatch6.7update3a

vmwarevcenter_serverMatch6.7update3b

vmwarevcenter_serverMatch6.7update3f

vmwarevcenter_serverMatch6.7update3g

vmwarevcenter_serverMatch6.7update3j

vmwarevcenter_serverMatch6.7update3l

vmwarevcenter_serverMatch6.7update3m

vmwarevcenter_serverMatch6.7update3n

vmwarevcenter_serverMatch7.0-

vmwarevcenter_serverMatch7.0a

vmwarevcenter_serverMatch7.0b

vmwarevcenter_serverMatch7.0c

vmwarevcenter_serverMatch7.0d

vmwarevcenter_serverMatch7.0update1

vmwarevcenter_serverMatch7.0update1a

vmwarevcenter_serverMatch7.0update1c

vmwarevcenter_serverMatch7.0update1d

vmwarevcenter_serverMatch7.0update2

vmwarevcenter_serverMatch7.0update2a

vmwarevcenter_serverMatch7.0update2b

References

www.vmware.com/security/advisories/VMSA-2021-0020.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for NVD:CVE-2021-21992

cve1 prion1 cvelist1 ibm1 nessus3 vmware2 thn1