CVE-2021-22012

Name of the Vulnerable Software and Affected Versions vCenter Server (affected versions not specified)

Description The vCenter Server contains an information disclosure issue due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. This is related to the vCenter Server Appliance Management Interface (VAMI) and is associated with insufficient control of the system's controlled area, allowing an attacker to obtain unauthorized access to protected information by sending a specially crafted HTTP request through port 443.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.