CVE-2021-22020

CVE-2021-22020 is a denial-of-service vulnerability in the Analytics service of VMware vCenter Server. Exploitation relies on input handling in Analytics, leading to DoS. VMware's VMSA-2021-0020 provides updates/patches; CVSSv3.1 shows MEDIUM (5.5) with LOCAL/low complexity. No exploit details ar...

CVE-2021-22020

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server...

CVE-2021-22019

The vCenter Server contains a denial-of-service vulnerability in VAPI vCenter API service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition...

CVE-2021-22019

CVE-2021-22019 is a denial-of-service vulnerability in VMware vCenter Server’s VAPI service. A remote attacker can send a crafted jsonrpc message to port 5480 to trigger DoS, impacting availability. Red Hat and NVD describe the same DoS condition; the issue is listed under VMSA-2021-0020 with hig...

CVE-2021-22018

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files...

CVE-2021-22018

CVE-2021-22018 affects VMware vCenter Server via an arbitrary file deletion vulnerability in the vSphere Life-cycle Manager plug-in. A remote attacker can delete non-critical files by targeting port 9087. This is documented in multiple sources (e.g., RH-CVE-2021-22018 and VMware advisory VMSA-202...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI Virtual Appliance Management Infrastructure. An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI Virtual Appliance Management Infrastructure. An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...

CVE-2021-22012

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

CVE-2021-22010

The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service...

CVE-2021-22007

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information...

CVE-2021-22011

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation...

CVE-2021-22008

The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...

CVE-2021-22009

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service...

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file...

CVE-2021-21993

The vCenter Server contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...

CVE-2021-22006

The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints...

CVE-2021-22007

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information...