CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

Information

Published : 2021-09-23 05:15

Updated : 2021-09-27 11:53


NVD link : CVE-2021-21993

Mitre link : CVE-2021-21993


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

vmware

  • cloud_foundation
  • vcenter_server