26 matches found
CVE-2021-22049
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
EUVD-2021-9216
Malicious code in bioql PyPI...
EUVD-2025-25965
Malicious code in bioql PyPI...
CVE-2025-58126
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic...
CVE-2025-58126 Lack of TLS validation in plugin VMware vSAN on Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic...
CVE-2025-58126
CVE-2025-58126 affects the Checkmk Exchange plugin for VMware vSAN. The root cause is improper certificate validation (TLS/SSL) in the plugin, which permits a man-in-the-middle attacker to intercept traffic. Documented impact is exposure of communications in MitM scenarios; exploitation details a...
Checkmk Exchange plugin VMware vSAN security vulnerability
Checkmk Exchange plugin VMware vSAN is a plugin for device status monitoring from Checkmk Germany. A security vulnerability exists in Checkmk Exchange plugin VMware vSAN that stems from improper certificate validation and could lead to a man-in-the-middle attacker intercepting traffic...
PT-2025-35082
Name of the Vulnerable Software and Affected Versions: Checkmk Exchange plugin VMware vSAN (affected versions not specified). Description: The Checkmk Exchange plugin for VMware vSAN contains an improper certificate validation flaw. This allows attackers positioned in a Man-in-the-Middle (MitM) positi...
VMware vCenter Server 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2021-0027)
The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3r or 6.7 prior to 6.7 U3p. It is, therefore, affected by multiple vulnerabilities:
- An arbitrary file read vulnerability exists in the vSphere web client. An unauthenticated, remote attacker can exploit this,...
VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Track...
Server side request forgery (ssrf)
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
CVE-2021-22049
CVE-2021-22049 is an SSRF flaw in the vSAN Web Client (vSAN UI) plug‑in of vSphere Web Client. Exploitation requires network access to port 443 on vCenter Server to trigger a URL request outside or to internal services. Connected sources confirm this affects VMware vCenter Server and describe the...
Veeam ONE version 10/10a impact on VMware vSAN
Challenge: The API calls used by Veeam ONE version 10/10a to collect vSAN performance data may impact vSAN health and performance in some environments. Solution: Upgrade Veeam ONE to version 11 or later. Starting with Veeam ONE v11, a new collection method was implemented to prevent this issue. Vee...
Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health...
Google Cloud VMware Engine (GCVE) Support Statement
Support Statement: Google Cloud VMware Engine (GCVE) is a fully compliant and certified full-stack cloud infrastructure sold and supported by Google. You can natively deploy VMware vSphere-based workloads in a dedicated Software-Defined Data Center (SDDC) on Google Cloud and utilize the same...