Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2021-22014

The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.

Published: Sep 23, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-22014
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / vcenter_server	6.5	6.5.x
vmware / vcenter_server	6.7	6.7.x
vmware / vcenter_server	7.0	7.0.x
vmware / cloud_foundation	3.0	5.0

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo