CVE-2021-21986

Name of the Vulnerable Software and Affected Versions vSphere Client (HTML5) (affected versions not specified)

Description The issue concerns a vulnerability in the vSphere authentication mechanism for certain plug-ins, including Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability. This vulnerability could allow a malicious actor with network access to port 443 on vCenter Server to perform actions allowed by the impacted plug-ins without authentication. The vulnerability is related to deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass authentication or gain unauthorized access to the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.