Lucene search

[email protected]CVE-2021-22018

HistorySep 23, 2021 - 1:15 p.m.

CVE-2021-22018

2021-09-2313:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-22018

vcenter server

vmware vsphere

life-cycle manager

arbitrary file deletion

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

7.1 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

74.9%

JSON

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

CPENameOperatorVersion
vmware:vcenter_servervmware vcenter servereq7.0
vmware:cloud_foundationvmware cloud foundationlt4.3.1

CPE	Name	Operator	Version
vmware:vcenter_server	vmware vcenter server	eq	7.0
vmware:cloud_foundation	vmware cloud foundation	lt	4.3.1

References

www.vmware.com/security/advisories/VMSA-2021-0020.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

7.1 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

74.9%

JSON

Related for CVE-2021-22018

prion1 zdi1 nessus1 vmware2 thn1