PT-2021-4355 · Vmware · Vcenter Server+1

Osama Alaa

Published

2021-09-21

Updated

2021-09-27

CVE-2021-21993

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions vCenter Server (affected versions not specified)

Description The vCenter Server contains a Server Side Request Forgery (SSRF) issue due to improper validation of URLs in the vCenter Server Content Library. An authorized user with access to the content library may exploit this by sending a POST request to the vCenter Server, leading to information disclosure. This can be achieved by sending a specially crafted POST request, allowing a remote attacker to perform an SSRF attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

BDU:2021-04984

CVE-2021-21993

Affected Products

Vmware Vcenter

Vcenter Server

PT-2021-4355 · Vmware · Vcenter Server+1

CVE-2021-21993

Weakness Enumeration

Related Identifiers

Affected Products

References · 7