← Voltar para CVEs
CVE-2021-21973
MEDIUMCISA KEV5.3
Descricao
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/24/2021
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorVMware
ProdutovCenter Server and Cloud Foundation
Nome da vulnerabilidadeVMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
Data inclusao KEV2022-03-07
Prazo de remediacao2022-03-21
Uso em ransomwareUnknown
Produtos afetados
vmware:cloud_foundationvmware:vcenter_server
Fraquezas (CWE)
CWE-918CWE-918
Referencias
https://www.vmware.com/security/advisories/VMSA-2021-0002.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2021-0002.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21973(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.