Magiczero

**Name of the Vulnerable Software and Affected Versions** vSphere Web Client (FLEX/Flash) (affected versions not specified) **Description** The vSphere Web Client contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. The vulnerability is related to insufficient validation of incoming requests, which can allow a remote attacker to gain unauthorized access to protected information by sending a specially crafted HTTP request through port 443. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.