PT-2021-4329 · VMware · vCenter Server +1

George Noseevich +2 · Published 2021-09-21 · Updated 2022-07-12 · CVE-2021-22009

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified)

Description: The issue is an uncontrolled resource consumption in the VAPI service of VMware vCenter Server. A remote attacker can send a specially crafted HTTP request through port 443 that causes the VAPI service to consume excessive memory, resulting in a denial of service condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

BDU:2021-04953
CVE-2021-22009
ZDI-21-1110
ZDI-21-1111

Affected Products

VMware vCenter
vCenter Server