Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-21980

🗓️ 24 Nov 2021 16:32:43Reported by vmwareType 
cve
 cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 190 Views🌐 WEB

The vSphere Web Client (FLEX/Flash) unauthorized arbitrary file read vulnerabilit

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2021-21980
1 Dec 202506:50
githubexploit
GithubExploit		Exploit for CVE-2021-21980
27 Nov 202505:16
githubexploit
IBM Security Bulletins		Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )
13 Aug 202215:19
ibm
BDU FSTEC		The vulnerability of the vSphere Web Client (FLEX/Flash) component, which manages virtual infrastructure, affects both Vmware vCenter Server and VMware Cloud Foundation. This vulnerability allows an attacker to gain unauthorized access to protected information.
7 Dec 202100:00
bdu_fstec
Circl		CVE-2021-21980
24 Nov 202120:27
circl
CNNVD		VMware vCenter Server 信息泄露漏洞
23 Nov 202100:00
cnnvd
Cvelist		CVE-2021-21980
24 Nov 202116:32
cvelist
hivepro		VMware patches SSRF and arbitrary file read vulnerabilities in vCenter Server
25 Nov 202112:06
hivepro
NCSC		Vulnerabilities fixed in VMware vCenter
24 Nov 202100:00
ncsc
NVD		CVE-2021-21980
24 Nov 202117:15
nvd
Rows per page
NVD
Node
vmwarecloud_foundationMatch3.0-
OR
vmwarevcenter_serverMatch6.5-
OR
vmwarevcenter_serverMatch6.5update_1
OR
vmwarevcenter_serverMatch6.5update_1b
OR
vmwarevcenter_serverMatch6.5update_1c
OR
vmwarevcenter_serverMatch6.5update_1d
OR
vmwarevcenter_serverMatch6.5update_1e
OR
vmwarevcenter_serverMatch6.5update_1g
OR
vmwarevcenter_serverMatch6.5update_2
OR
vmwarevcenter_serverMatch6.5update_2b
OR
vmwarevcenter_serverMatch6.5update_2c
OR
vmwarevcenter_serverMatch6.5update_2d
OR
vmwarevcenter_serverMatch6.5update_2g
OR
vmwarevcenter_serverMatch6.5update_3
OR
vmwarevcenter_serverMatch6.5update_3d
OR
vmwarevcenter_serverMatch6.5update_3f
OR
vmwarevcenter_serverMatch6.5update_3k
OR
vmwarevcenter_serverMatch6.5update_3n
OR
vmwarevcenter_serverMatch6.5update_3p
OR
vmwarevcenter_serverMatch6.5update_3q
OR
vmwarevcenter_serverMatch6.7-
OR
vmwarevcenter_serverMatch6.7update_1
OR
vmwarevcenter_serverMatch6.7update_1b
OR
vmwarevcenter_serverMatch6.7update_2
OR
vmwarevcenter_serverMatch6.7update_2a
OR
vmwarevcenter_serverMatch6.7update_2c
OR
vmwarevcenter_serverMatch6.7update_3
OR
vmwarevcenter_serverMatch6.7update_3a
OR
vmwarevcenter_serverMatch6.7update_3b
OR
vmwarevcenter_serverMatch6.7update_3f
OR
vmwarevcenter_serverMatch6.7update_3g
OR
vmwarevcenter_serverMatch6.7update_3j
OR
vmwarevcenter_serverMatch6.7update_3l
OR
vmwarevcenter_serverMatch6.7update_3m
OR
vmwarevcenter_serverMatch6.7update_3n
OR
vmwarevcenter_serverMatch6.7update_3o
[
  {
    "product": "VMware vCenter Server and VMware Cloud Foundation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
idquery paramui/vic-rest/services/containerViewPath traversal in vSphere Web Client allowing arbitrary file read via id parameterCWE-22
idquery parameam/vibPath traversal in mock/simulated vSphere Web Client endpoint enabling reading sensitive files via id parameterCWE-22

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:49Current
8.6High risk
Vulners AI Score8.6
CVSS 25
CVSS 3.17.5
EPSS0.04601
cve-2021-21980vsphereweb clientflexflasharbitrary file readvulnerabilityvcenter servernvd
190