CVE-2021-21993: SSRF
First published: Thu Sep 23 2021(Updated: )
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Cloud Foundation | >=3.0<5.0 | |
| VMware vCenter Server | =6.5 | |
| VMware vCenter Server | =6.7 | |
| VMware vCenter Server | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21993?
CVE-2021-21993 is an SSRF (Server Side Request Forgery) vulnerability in vCenter Server due to improper validation of URLs in the vCenter Server Content Library, which can lead to information disclosure.
How does CVE-2021-21993 affect VMware Cloud Foundation?
VMware Cloud Foundation with versions ranging from 3.0 to 5.0 is affected by CVE-2021-21993.
Which versions of VMware vCenter Server are affected by CVE-2021-21993?
CVE-2021-21993 affects VMware vCenter Server versions 6.5, 6.7, and 7.0.
What is the severity of CVE-2021-21993?
CVE-2021-21993 has a severity rating of 6.5, which is considered medium.
How can CVE-2021-21993 be mitigated?
Apply the necessary patches or upgrades provided by VMware to fix the vulnerability in vCenter Server and ensure proper validation of URLs in the vCenter Server Content Library.
- collector/nvd-index
- vendor/vmware
- product/cloud foundation
- canonical/vmware cloud foundation
- product/vcenter server
- canonical/vmware vcenter server