CVE-2021-21985

2021-05-26T15:15:00
ID CVE-2021-21985
Type cve
Reporter security@vmware.com
Modified 2021-06-03T14:19:00

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.