Vulnerability Name: CVE-2021-21993 (CCN-209750)
Assigned: 2021-09-21
Published: 2021-09-21
Updated: 2021-09-27
Summary: The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
CVSS v3 Severity:
6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Vulnerability Type: CWE-918
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2021-21993
Source: XF Type: UNKNOWN vmware-cve202121993-ssrf(209750)
Source: CCN Type: IBM Security Bulletin 6507111 (Cloud Pak System) Multiple Vulnerabilities in VMware vCenter affect IBM Cloud Pak System
Source: CCN Type: VMware Security Advisory VMSA-2021-0020 VMware vCenter Server updates address multiple security vulnerabilities
Source: MISC Type: Patch, Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Vulnerable Configuration: Configuration 1: Configuration CCN 1: