The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | vcenter_server | * | cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:* |