PT-2021-4316 · Vmware · Vcenter Server

George Noseevich · Published 2021-09-23 · Updated 2026-02-04 · CVE-2021-22017

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified)

Description: The issue stems from improper implementation of URI normalization in the rhttproxy service used by vCenter Server. A malicious actor with network access to port 443 on vCenter Server can exploit it to bypass the proxy and access internal endpoints. The vulnerability is also described as an improper access control issue that a remote attacker can exploit to bypass existing security restrictions.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2021-04925
CVE-2021-22017

Affected Products

Vmware Vcenter
Vcenter Server