Lucene search
+L

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/08/13 3:19 p.m.69 views

Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )

Summary Vulnerabilities have beein found in VMware vCenter. vCenter is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-21980 DESCRIPTION: VMware vCenter Server could allow a remote attacker to obtain sensitive information,...

10CVSS9.7AI score0.99999EPSS
Exploits359Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/12/02 12:0 a.m.209 views

VMware vCenter Server 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2021-0027)

The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3r or 6.7 prior to 6.7 U3p. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the vSphere web client. An unauthenticated, remote attacker can exploit this,...

9.8CVSS8.7AI score0.04601EPSS
Exploits2References3
hivepro
hivepro
added 2021/11/25 12:6 p.m.55 views

VMware patches SSRF and arbitrary file read vulnerabilities in vCenter Server

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. VMware has released fixes to address two security flaws in vCenter Server and Cloud Foundation tracked as CVE-2021-21980 and CVE-2021-22049. The vulnerability CVE-2021-21980 arbitrary file read is of major concern as an...

7.5CVSS8.8AI score0.04601EPSS
Exploits2
CVE
CVE
added 2021/11/24 4:32 p.m.192 views

CVE-2021-22049

CVE-2021-22049 is an SSRF flaw in the vSAN Web Client (vSAN UI) plug‑in of vSphere Web Client. Exploitation requires network access to port 443 on vCenter Server to trigger a URL request outside or to internal services. Connected sources confirm this affects VMware vCenter Server and describe the...

9.8CVSS9.2AI score0.01673EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder