First published: Thu Sep 23 2021
vCenter Server contains a server-side request forgery (SSRF) vulnerability caused by improper validation of URLs in the vCenter Server Content Library. An authorised user with access to a content library can exploit this issue by sending a crafted POST request to vCenter Server, causing the server to make a request on the attacker's behalf and leading to information disclosure.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Cloud Foundation | >=3.0, <5.0 | |
VMware vCenter Server | =6.5 | |
VMware vCenter Server | =6.7 | |
VMware vCenter Server | =7.0 | |
CVE-2021-21993 is a server-side request forgery (SSRF) vulnerability in vCenter Server caused by improper validation of URLs in the vCenter Server Content Library; a user with content library access can make vCenter Server issue requests to destinations of their choosing, which can lead to information disclosure.
VMware Cloud Foundation versions from 3.0 up to, but not including, 5.0 are affected by CVE-2021-21993.
CVE-2021-21993 affects VMware vCenter Server versions 6.5, 6.7, and 7.0.
CVE-2021-21993 has a CVSS base score of 6.5, which is rated medium severity.
Apply the patches or upgrades VMware provides for the affected vCenter Server and Cloud Foundation versions. Because exploitation requires an authorised account with access to a content library, limiting which accounts hold content library privileges reduces exposure until the patch is applied.
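As an added illustration of the vulnerability class described above, not code from VMware or from this advisory: a Python sketch of the kind of naive URL check that turns a content-library-style "import from URL" feature into an SSRF, beside a hardened validator. The function names, the hostnames and the FAKE_DNS table are constructed for the example; nothing here reflects how vCenter's Content Library actually validates URLs.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def naive_is_allowed(url):
    """Insufficient check: any syntactically valid http(s) URL passes, so a
    request to http://127.0.0.1:5480/ or http://169.254.169.254/ is accepted
    and the server makes it on the caller's behalf (the SSRF)."""
    parts = urlsplit(url)
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


def is_public(ip):
    """True only for a globally routable unicast address; IPv4-mapped IPv6
    addresses (::ffff:127.0.0.1) are unwrapped before the check."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def system_resolver(host):
    """Resolve with the OS. Every address is returned: a host that resolves to
    one public and one private address must still be rejected."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def hardened_is_allowed(url, resolver=system_resolver):
    """Scheme allowlist, no credentials in the URL, and every address the host
    resolves to must be public. Returns (allowed, reason)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        # http://trusted.example.com@127.0.0.1/ : the real host is 127.0.0.1
        return False, "credentials in URL"
    try:
        literal = ipaddress.ip_address(host)  # also handles [::1]-style literals
    except ValueError:
        literal = None
    if literal is not None:
        return (True, "ok") if is_public(literal) else (False, "non-public address")
    # Not a literal: obscure spellings such as 0x7f000001 or 2130706433 fall
    # through to the resolver, which maps them to 127.0.0.1 and gets them rejected.
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is a subclass
        return False, "unresolvable host"
    if not addrs:
        return False, "unresolvable host"
    if not all(is_public(ipaddress.ip_address(a)) for a in addrs):
        return False, "resolves to non-public address"
    return True, "ok"


# Constructed DNS table so the example runs offline; the hostnames and
# addresses are stand-ins, not real hosts.
FAKE_DNS = {
    "updates.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "mixed.example.net": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"fake resolver: unknown host {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for url in ("https://updates.example.com/lib.json", "http://127.0.0.1:5480/",
                "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]/",
                "http://localhost/", "http://mixed.example.net/",
                "http://updates.example.com@127.0.0.1/", "file:///etc/passwd"):
        print(f"{url:45} naive={naive_is_allowed(url)!s:5} "
              f"hardened={hardened_is_allowed(url, fake_resolver)}")
```

Two caveats apply to any validator of this shape. It checks the name at validation time, so a DNS answer that changes between the check and the connection (rebinding) gets past it unless the HTTP client connects to the address that was validated or re-checks at connect time; and the client must not follow redirects to hosts that were never checked. Where the set of legitimate sources is known, an allowlist of hostnames is stronger than a denylist of address ranges.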