The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

CPENameOperatorVersion
cloud_foundationge3.0
cloud_foundationlt5.0
vcenter_servereq6.5
vcenter_servereq6.7
vcenter_servereq7.0

Name	Operator	Version
cloud_foundation	ge	3.0
cloud_foundation	lt	5.0
vcenter_server	eq	6.5
vcenter_server	eq	6.7
vcenter_server	eq	7.0

References

packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html

www.vmware.com/security/advisories/VMSA-2021-0020.html

cnvd 1

githubexploit 11

hivepro 1

malwarebytes 3

threatpost 6

nuclei 1

cisa 1

metasploit 1

nessus 3

packetstorm 1

nvd 1

cve 1

checkpoint_advisories 1

cvelist 1

cisa_kev 1

zdt 1

attackerkb 1

rapid7blog 5

avleonov 2

vmware 2

thn 1

qualysblog 2

ics 1

cnvd

VMware vCenter Server File Upload Vulnerability

2021-09-24 00:00:00

githubexploit

Exploit for Path Traversal in Vmware Cloud Foundation

2021-10-27 08:36:21

Exploit for Unrestricted Upload of File with Dangerous Type in Vmware Cloud Foundation

2021-10-02 07:32:04

Exploit for Unrestricted Upload of File with Dangerous Type in Vmware Cloud Foundation

2022-02-15 13:11:04

hivepro

Drop everything and patch VMware’s vCenter Server Vulnerabilities

2021-09-22 13:29:07

malwarebytes

A week in security (Sept 20 – Sept 26)

2021-09-27 11:01:42

Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure

2021-09-22 11:27:11

Chinese APT's favorite vulnerabilities revealed

2022-10-13 16:15:00

threatpost

VMware Warns of Ransomware-Friendly Bug in vCenter Server

2021-09-22 16:17:33

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

2021-09-28 17:45:59

Working PoC Is Out for VMware vCenter CVE-2021-22005 Flaw

2021-09-28 15:06:20

nuclei

VMware vCenter Server - Arbitrary File Upload

2021-09-22 08:05:36

cisa

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

2021-09-24 00:00:00

metasploit

VMware vCenter Server Analytics (CEIP) Service File Upload

2021-10-06 21:43:57

nessus

VMware vCenter Server Arbitrary File Upload (VMSA-2021-0020)

2021-10-06 00:00:00

VMware vCenter Server < 7.0 U2c Multiple Vulnerabilities (VMSA-2021-0020)

2021-09-22 00:00:00

VMware vCenter Server < 6.7 Multiple Vulnerabilities (VMSA-2021-0020)

2021-09-22 00:00:00

packetstorm

VMware vCenter Server Analytics (CEIP) Service File Upload

2021-10-07 00:00:00

nvd

CVE-2021-22005

2021-09-23 12:15:07

cve

CVE-2021-22005

2021-09-23 12:15:07

checkpoint_advisories

VMWare vCenter Server Arbitrary File Upload (CVE-2021-22005)

2021-09-27 00:00:00

cvelist

CVE-2021-22005

2021-09-23 11:37:30

cisa_kev

VMware vCenter Server File Upload Vulnerability

2021-11-03 00:00:00

zdt

VMware vCenter Server Analytics (CEIP) Service File Upload Exploit

2021-10-07 00:00:00

attackerkb

CVE-2021-22005

2021-09-23 00:00:00

rapid7blog

Metasploit Wrap-Up

2021-10-08 16:57:33

Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

2021-09-21 19:55:35

Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors

2022-01-05 18:52:41

avleonov

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

2021-10-21 00:23:01

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

vmware

VMware vCenter Server updates address multiple security vulnerabilities

2021-09-21 00:00:00

VMware vCenter Server updates address multiple security vulnerabilities

2021-09-21 00:00:00

thn

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

2021-09-22 03:09:00

qualysblog

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-07 20:03:01

Qualys Response to CISA Alert: Binding Operational Directive 22-01

2021-11-09 06:15:01

ics

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-06 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.4 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON

Related for PRION:CVE-2021-22005