CVE-2021-22016
CVE-2021-22016 affects VMware vCenter Server and involves a reflected cross-site scripting (XSS) vulnerability caused by insufficient input sanitization. An attacker could lure a user to click a crafted link and have malicious scripts run in the victim’s browser. Public details in connected sourc...
CVE-2021-22014
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter...
CVE-2021-22014
CVE-2021-22014 is an authenticated code-execution vulnerability in VMware vCenter Server’s VAMI (port 5480). An authenticated VAMI user with network access to 5480 can execute arbitrary code on the underlying OS hosting vCenter Server. The issue is publicly discussed across multiple sources (e.g....
CVE-2021-22013
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...
CVE-2021-22013
CVE-2021-22013 is a path traversal vulnerability in VMware vCenter Server’s appliance management API that could allow an unauthenticated attacker with network access to port 443 to read arbitrary files, leading to information disclosure. Affected software is vCenter Server; root cause is improper...
CVE-2021-22012
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...
CVE-2021-22012
CVE-2021-22012 affects VMware vCenter Server. An information-disclosure vulnerability exists due to an unauthenticated appliance management API that allows a remote attacker with network access to port 443 to access sensitive information. Connected sources corroborate an unauthenticated API endpo...
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation...
CVE-2021-22011
CVE-2021-22011 describes an unauthenticated API endpoint vulnerability in VMware vCenter Server Content Library that allows a remote attacker with network access to port 443 to perform unauthenticated VM network setting manipulation. The issue is triggered by an unauthenticated API surface in vCe...
CVE-2021-22010
CVE-2021-22010 affects VMware vCenter Server: DoS caused by VPXD memory exhaustion when an attacker with network access to port 443 exploits a vulnerability in VPXD. Affected product scope includes vCenter Server deployments that expose VPXD on 443, leading to degraded service or denial of servic...
CVE-2021-22010
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service...
CVE-2021-22009
CVE-2021-22009 affects VMware vCenter Server via VAPI, enabling a remote attacker to trigger a DoS through excessive memory consumption in the VAPI service when accessing port 443. Public sources (NVD/Red Hat/CNVD) describe multiple memory-exhaustion DoS vulnerabilities in VAPI/VAPI endpoints. Th...
CVE-2021-22009
The vCenter Server contains multiple denial-of-service vulnerabilities in the VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service...
CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in the VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...
CVE-2021-22008
CVE-2021-22008 is an information-disclosure flaw in VMware vCenter Server’s VAPI service. With network access to port 443, an attacker can send a crafted json-rpc message to access sensitive data. Public references (NVD/Red Hat/CNVD) describe the vulnerability similarly and cite VMware’s VMSA-202...
CVE-2021-22007
CVE-2021-22007 affects VMware vCenter Server in the Analytics service. An authenticated user with non-administrative privileges can disclose sensitive information via a local information disclosure vulnerability in Analytics. The issue is classified with CVSSv3.1 base score 5.5 (vector: CVSS:3.1/...
CVE-2021-22007
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information...
CVE-2021-22006
VMware vCenter Server CVE-2021-22006 is a reverse proxy/bypass vulnerability arising from how the URI is handled, allowing an unauthenticated attacker with network access to port 443 to access restricted endpoints. Publicly documented details in multiple sources (NVD, CNVD, CVE lists, IBM/NCSC ad...
CVE-2021-22005
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file...