CVE-2021-22049

Name of the Vulnerable Software and Affected Versions vSphere Web Client (FLEX/Flash) (affected versions not specified)

Description The vSphere Web Client contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. The vulnerability is related to insufficient validation of incoming requests, which can allow a remote attacker to gain unauthorized access to protected information by sending a specially crafted HTTP request through port 443.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.