ID CVE-2021-21973
Summary The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to the vCenter Server plugin, leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 04-03-2021 - 20:48)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 04-03-2021 - 20:48
Published 24-02-2021 - 17:15
Last modified 04-03-2021 - 20:48