Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-21973
HistoryFeb 24, 2021 - 5:15 p.m.

CVE-2021-21973

2021-02-2417:15:00
CWE-918
[email protected]
web.nvd.nist.gov
946
In Wild
20
vsphere
html5
ssrf
vulnerability
vcenter server
information disclosure
cve-2021-21973
nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.159 Low

EPSS

Percentile

95.9%

JSON

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Social References

More

Related

cisa_kev 1
attackerkb 1
nuclei 1
nessus 2
prion 1
githubexploit 5
checkpoint_advisories 1
ibm 1
cisa 2
rapid7blog 1
vmware 1
threatpost 1
thn 1
cisa_kev
cisa_kev
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
2022-03-07 00:00:00
attackerkb
attackerkb
CVE-2021-21973
2021-02-24 00:00:00
nuclei
nuclei
VMware vSphere - Server-Side Request Forgery
2022-01-27 10:20:44
nessus
nessus
VMware vCenter Server SSRF (CVE-2021-21973) (Direct Check)
2022-08-23 00:00:00
VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)
2021-02-25 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-02-24 17:15:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-04-06 10:38:40
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
Exploit for Improper Privilege Management in Vmware Cloud Foundation
2021-10-03 23:03:11
checkpoint_advisories
checkpoint_advisories
VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)
2021-02-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System
2021-10-05 12:18:32
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
CISA Adds 11 Known Exploited Vulnerabilities to Catalogβ€―
2022-03-07 00:00:00
rapid7blog
rapid7blog
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know
2021-02-24 22:22:14
vmware
vmware
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
2021-02-23 00:00:00
threatpost
threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14:55
thn
thn
Critical RCE Flaws Affect VMware ESXi and vSphere Client β€” Patch Now
2021-02-24 07:54:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.159 Low

EPSS

Percentile

95.9%

JSON
Related for CVE-2021-21973
cisa_kev1attackerkb1nuclei1nessus2prion1githubexploit5checkpoint_advisories1ibm1cisa2rapid7blog1vmware1threatpost1thn1