CVE-2021-21980

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Published: Nov 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21980
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / vcenter_server	6.5	6.5.x
vmware / vcenter_server	6.7	6.7.x
vmware / cloud_foundation	3.0	3.0.x
vmware / vcenter_server	6.7-update_3o	6.7-update_3o.x
vmware / vcenter_server	6.7-update_3n	6.7-update_3n.x
vmware / vcenter_server	6.7-update_3m	6.7-update_3m.x
vmware / vcenter_server	6.7-update_3l	6.7-update_3l.x
vmware / vcenter_server	6.7-update_3j	6.7-update_3j.x
vmware / vcenter_server	6.7-update_3g	6.7-update_3g.x
vmware / vcenter_server	6.7-update_3f	6.7-update_3f.x
vmware / vcenter_server	6.7-update_3b	6.7-update_3b.x
vmware / vcenter_server	6.7-update_3a	6.7-update_3a.x
vmware / vcenter_server	6.7-update_3	6.7-update_3.x
vmware / vcenter_server	6.7-update_2c	6.7-update_2c.x
vmware / vcenter_server	6.7-update_2a	6.7-update_2a.x
vmware / vcenter_server	6.7-update_2	6.7-update_2.x
vmware / vcenter_server	6.7-update_1b	6.7-update_1b.x
vmware / vcenter_server	6.7-update_1	6.7-update_1.x
vmware / vcenter_server	6.5-update_3q	6.5-update_3q.x
vmware / vcenter_server	6.5-update_3p	6.5-update_3p.x
vmware / vcenter_server	6.5-update_3n	6.5-update_3n.x
vmware / vcenter_server	6.5-update_3k	6.5-update_3k.x
vmware / vcenter_server	6.5-update_3f	6.5-update_3f.x
vmware / vcenter_server	6.5-update_3d	6.5-update_3d.x
vmware / vcenter_server	6.5-update_3	6.5-update_3.x
vmware / vcenter_server	6.5-update_2g	6.5-update_2g.x
vmware / vcenter_server	6.5-update_2d	6.5-update_2d.x
vmware / vcenter_server	6.5-update_2c	6.5-update_2c.x
vmware / vcenter_server	6.5-update_2b	6.5-update_2b.x
vmware / vcenter_server	6.5-update_2	6.5-update_2.x
vmware / vcenter_server	6.5-update_1g	6.5-update_1g.x
vmware / vcenter_server	6.5-update_1e	6.5-update_1e.x
vmware / vcenter_server	6.5-update_1d	6.5-update_1d.x
vmware / vcenter_server	6.5-update_1c	6.5-update_1c.x
vmware / vcenter_server	6.5-update_1b	6.5-update_1b.x
vmware / vcenter_server	6.5-update_1	6.5-update_1.x

https://www.vmware.com/security/advisories/VMSA-2021-0027.html

Vulnerability Database

289,697

CVE-2021-21980