A server-side request forgery vulnerability exists in the VMware vCenter vSphere HTML5 client due to improper validation of URLs in a vCenter Server plugin. An unauthenticated, remote attacker can exploit this, via HTTPS, leading to information disclosure.
Binary data vmware_vcenter_cve-2021-21973.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | vcenter_server | cpe:/a:vmware:vcenter_server |