CVE-2021-21973

🗓️ 24 Feb 2021 16:42:02Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1145 Views🌐 WEB

vSphere Client (HTML5) SSRF vulnerability in vCenter Server plugin allows information disclosure

Reporter	Title	Published	Views	Family All 36
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	6 Apr 202110:38	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
GithubExploit	Exploit for Path Traversal in Vmware Cloud_Foundation	3 Oct 202123:03	–	githubexploit
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System	5 Oct 202112:18	–	ibm
ATTACKERKB	CVE-2021-21973	24 Feb 202100:00	–	attackerkb

NVD

Node

vmware cloud_foundationRange3.0–3.10.1.2

vmware cloud_foundationRange4.0–4.2

vmware vcenter_serverMatch6.5-

vmware vcenter_serverMatch6.5a

vmware vcenter_serverMatch6.5b

vmware vcenter_serverMatch6.5c

vmware vcenter_serverMatch6.5d

vmware vcenter_serverMatch6.5e

vmware vcenter_serverMatch6.5f

vmware vcenter_serverMatch6.5update1d

vmware vcenter_serverMatch6.5update1e

vmware vcenter_serverMatch6.5update1g

vmware vcenter_serverMatch6.5update2

vmware vcenter_serverMatch6.5update2b

vmware vcenter_serverMatch6.5update2c

vmware vcenter_serverMatch6.5update2d

vmware vcenter_serverMatch6.5update2g

vmware vcenter_serverMatch6.5update3

vmware vcenter_serverMatch6.5update3d

vmware vcenter_serverMatch6.5update3f

vmware vcenter_serverMatch6.5update3k

vmware vcenter_serverMatch6.7-

vmware vcenter_serverMatch6.7a

vmware vcenter_serverMatch6.7b

vmware vcenter_serverMatch6.7d

vmware vcenter_serverMatch6.7update1

vmware vcenter_serverMatch6.7update1b

vmware vcenter_serverMatch6.7update2

vmware vcenter_serverMatch6.7update2a

vmware vcenter_serverMatch6.7update2c

vmware vcenter_serverMatch6.7update3

vmware vcenter_serverMatch6.7update3a

vmware vcenter_serverMatch6.7update3b

vmware vcenter_serverMatch6.7update3f

vmware vcenter_serverMatch6.7update3g

vmware vcenter_serverMatch6.7update3j

vmware vcenter_serverMatch7.0-

vmware vcenter_serverMatch7.0a

vmware vcenter_serverMatch7.0b

vmware vcenter_serverMatch7.0c

vmware vcenter_serverMatch7.0d

vmware vcenter_serverMatch7.0update1

vmware vcenter_serverMatch7.0update1a

[
  {
    "product": "VMware vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "7.x before 7.0 U1c"
      },
      {
        "status": "affected",
        "version": "6.7 before 6.7 U3l"
      },
      {
        "status": "affected",
        "version": "6.5 before 6.5 U3n"
      }
    ]
  },
  {
    "product": "VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.x before 4.2"
      },
      {
        "status": "affected",
        "version": "3.x before 3.10.1.2"
      }
    ]
  }
]

Source	Link
vmware	www.vmware.com/security/advisories/VMSA-2021-0002.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
uploadFile	request body	ui/vropspluginui/rest/services/uploadova	Unauthorized OVA upload leading to remote code execution via crafted tar with directory traversal

30 Oct 2025 20:06Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

CVSS 3.15.3

EPSS0.90385

SSVC