Osama Alaa

**Name of the Vulnerable Software and Affected Versions** vCenter Server (affected versions not specified) **Description** The vCenter Server contains a denial-of-service issue due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vCenter Server (affected versions not specified) **Description** The vCenter Server contains a Server Side Request Forgery (SSRF) issue due to improper validation of URLs in the vCenter Server Content Library. An authorized user with access to the content library may exploit this by sending a POST request to the vCenter Server, leading to information disclosure. This can be achieved by sending a specially crafted POST request, allowing a remote attacker to perform an SSRF attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.