Lucene search

PRIOn knowledge basePRION:CVE-2021-22018

HistorySep 23, 2021 - 1:15 p.m.

Arbitrary file deletion

2021-09-2313:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.7 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

74.6%

JSON

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

CPENameOperatorVersion
cloud_foundationge4.0
cloud_foundationlt4.3.1
vcenter_servereq7.0

Name	Operator	Version
cloud_foundation	ge	4.0
cloud_foundation	lt	4.3.1
vcenter_server	eq	7.0

References

www.vmware.com/security/advisories/VMSA-2021-0020.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.7 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

74.6%

JSON

Related for PRION:CVE-2021-22018