Vulners
Lucene search
VMware vCenter Server - Arbitrary File Upload
| Reporter | Title | Published | Views | Family All 57 |
|---|---|---|---|---|
 | Exploit for Path Traversal in Vmware Cloud_Foundation | 8 Dec 202123:44 | – | gitee |
 | VMware vCenter Server Analytics (CEIP) Service File Upload Exploit | 7 Oct 202100:00 | – | zdt |
 | Exploit for Path Traversal in Vmware Cloud_Foundation | 24 Oct 202123:14 | – | githubexploit |
| Exploit for CVE-2021-22006 | 26 Sep 202101:02 | – | githubexploit |
| Exploit for Path Traversal in Vmware Cloud_Foundation | 25 Sep 202107:19 | – | githubexploit |
| Exploit for Path Traversal in Vmware Cloud_Foundation | 27 Oct 202108:36 | – | githubexploit |
| Exploit for Path Traversal in Vmware Cloud_Foundation | 2 Oct 202107:32 | – | githubexploit |
| Exploit for Path Traversal in Vmware Cloud_Foundation | 4 Oct 202203:39 | – | githubexploit |
 | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | 6 Oct 202212:00 | – | ics |
 | CVE-2021-22005 | 23 Sep 202100:00 | – | attackerkb |
10
id: CVE-2021-22005
info:
name: VMware vCenter Server - Arbitrary File Upload
author: PR3R00T
severity: critical
description: VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
impact: |
Allows an attacker to upload and execute arbitrary files on the target system
remediation: |
Apply the necessary security patches or updates provided by VMware
reference:
- https://kb.vmware.com/s/article/85717
- https://www.vmware.com/security/advisories/VMSA-2021-0020.html
- https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
- https://nvd.nist.gov/vuln/detail/CVE-2021-22005
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-22005
cwe-id: CWE-22
epss-score: 0.99999
epss-percentile: 0.99998
cpe: cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: vmware
product: cloud_foundation
tags: cve2021,cve,vmware,vcenter,fileupload,kev,intrusive,vkev,vuln
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
test_data
matchers:
- type: dsl
dsl:
- "status_code_1 == 200"
- "status_code_2 == 201"
- "contains(body_1, 'VMware vSphere')"
- "content_length_2 == 0"
condition: and
# digest: 490a0046304402200100b190e2cc58e89be0bd827e24daffe13e67bf44964182254389e47d9433ad0220349f2438d50b631a2e7939b4a3371d845f9cdd6f0111adbb7027d85eca60f92f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.7High risk
Vulners AI Score8.7
CVSS 27.5
CVSS 3.19.8
EPSS0.99999
SSVC