Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/08/13 3:19 p.m.68 views

Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )

Summary Vulnerabilities have beein found in VMware vCenter. vCenter is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-21980 DESCRIPTION: VMware vCenter Server could allow a remote attacker to obtain sensitive information,...

10CVSS9.7AI score0.99999EPSS
Exploits356Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/12/02 12:0 a.m.209 views

VMware vCenter Server 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2021-0027)

The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3r or 6.7 prior to 6.7 U3p. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the vSphere web client. An unauthenticated, remote attacker can exploit this,...

9.8CVSS8.7AI score0.04601EPSS
Exploits2References3
hivepro
hivepro
added 2021/11/25 12:6 p.m.54 views

VMware patches SSRF and arbitrary file read vulnerabilities in vCenter Server

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has released fixes to address two security flaws in vCenter Server and Cloud Foundation tracked as CVE-2021-21980 and CVE-2021-22049. The vulnerability CVE-2021-21980 arbitrary file read is of major concern as an...

7.5CVSS8.8AI score0.04601EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/11/25 5:9 a.m.63 views

VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Track...

7.5CVSS9AI score0.04601EPSS
Exploits2
OSV
OSV
added 2021/11/24 5:15 p.m.5 views

CVE-2021-21980

The vSphere Web Client FLEX/Flash contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...

7.5CVSS7.5AI score0.04601EPSS
Exploits2References1
CVE
CVE
added 2021/11/24 4:32 p.m.199 views

CVE-2021-21980

CVE-2021-21980 affects the vSphere Web Client (FLEX/Flash) in VMware vCenter Server, enabling an unauthorized arbitrary file read via network access to port 443. Public documentation confirms path traversal/vfile-read behavior with high impact (CVE-2021-21980; CVSSv3.1 base 7.5). Affected product...

7.5CVSS8.6AI score0.04601EPSS
Exploits2References1Affected Software2
Rows per page
Query Builder