CVE-2021-22048

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions (affected versions not specified) VMware Cloud Foundation versions (affected versions not specified)

Description The issue is related to a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability can be exploited by a malicious actor with non-administrative access to elevate privileges to a higher privileged group. The vulnerability is associated with insufficient access control.

Recommendations For VMware vCenter Server, update to a version that includes a fix for the privilege escalation vulnerability in the IWA authentication mechanism. For VMware Cloud Foundation, update to a version that includes a fix for the privilege escalation vulnerability in the IWA authentication mechanism. As a temporary workaround, consider restricting access to the IWA authentication mechanism until a patch is available.