13 matches found
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
VMware vCenter Server Virtual SAN Health Check Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Virtual SAN Health Check Plugin RCE', 'Description' = %q This module exploits Java unsafe reflection and SSRF in the VMware...
VulnCheck KEV: CVE-2021-21985
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...
CVE-2021-21986
The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
Remote code execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2021-21985
CVE-2021-21985 affects VMware vCenter Server via the vSphere Client (HTML5) and the default-enabled Virtual SAN Health Check plug‑in. Root cause: improper input validation leads to remote code execution when an attacker with network access to port 443 sends crafted input, enabling commands with u...
VMware vCenter Server远程代码执行漏洞(CVE-2021-21985)
Rapid7 May 26, 2021 5:34pm UTC 1 day ago• Last updated May 27, 2021 6:39pm UTC 7 hours ago Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...
CVE-2021-21985
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
PT-2021-3176
Name of the Vulnerable Software and Affected Versions vSphere Client HTML5 affected versions not specified VMware vCenter Server affected versions not specified Description The issue exists due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default i...
VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities
Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986 RSS Feed...