CVE-2021-21993

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

Published: Sep 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21993
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
vmware / vcenter_server	6.5	6.5.x
vmware / vcenter_server	6.7	6.7.x
vmware / vcenter_server	7.0	7.0.x
vmware / cloud_foundation	3.0	5.0

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Vulnerability Database

289,697

CVE-2021-21993