Lucene search
Sergey Gerasimov of SolidlabZDI-21-1105HistorySep 22, 2021 - 12:00 a.m.
VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability
2021-09-2200:00:00
Sergey Gerasimov of Solidlab
www.zerodayinitiative.com
14
0.007 Low
EPSS
Percentile
80.2%
This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Update Manager. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of the service account.
Related
prion
prion
Arbitrary file deletion
2021-09-23 13:15:00
cve
cve
CVE-2021-22018
2021-09-23 13:15:08
nvd
nvd
CVE-2021-22018
2021-09-23 13:15:08
cvelist
cvelist
CVE-2021-22018
2021-09-23 12:16:31
nessus
nessus
VMware vCenter Server < 7.0 U2d Multiple Vulnerabilities (VMSA-2021-0020)
2021-09-22 00:00:00
vmware
vmware
VMware vCenter Server updates address multiple security vulnerabilities
2021-09-21 00:00:00
VMware vCenter Server updates address multiple security vulnerabilities
2021-09-21 00:00:00
thn
thn
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
2021-09-22 03:09:00