Lucene search
Sergey Gerasimov and George webpentest Noseevich of SolidLabZDI-21-1107HistorySep 22, 2021 - 12:00 a.m.
VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability
2021-09-2200:00:00
Sergey Gerasimov and George webpentest Noseevich of SolidLab
www.zerodayinitiative.com
11
0.026 Low
EPSS
Percentile
90.5%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of jsonrpc messages. The issue results from the lack of proper authentication before processing messages. An attacker can leverage this vulnerability to disclose sensitive information from the server.
Related
cve
cve
CVE-2021-22008
2021-09-23 12:15:07
nvd
nvd
CVE-2021-22008
2021-09-23 12:15:07
cnvd
cnvd
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)
2021-09-24 00:00:00
cvelist
cvelist
CVE-2021-22008
2021-09-23 11:41:28
prion
prion
Information disclosure
2021-09-23 12:15:00
nessus
nessus
VMware vCenter Server < 6.5 U3q Multiple Vulnerabilities (VMSA-2021-0020)
2021-09-22 00:00:00
VMware vCenter Server < 7.0 U2c Multiple Vulnerabilities (VMSA-2021-0020)
2021-09-22 00:00:00
VMware vCenter Server < 6.7 Multiple Vulnerabilities (VMSA-2021-0020)
2021-09-22 00:00:00
ibm
ibm
vmware
vmware
VMware vCenter Server updates address multiple security vulnerabilities
2021-09-21 00:00:00
VMware vCenter Server updates address multiple security vulnerabilities
2021-09-21 00:00:00
thn
thn
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
2021-09-22 03:09:00