First published: Thu Sep 23 2021
vCenter Server contains multiple denial-of-service vulnerabilities in the VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial-of-service condition due to excessive memory consumption by the VAPI service.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Cloud Foundation | >=3.0, <5.0 | |
VMware vCenter Server | =6.7 | |
VMware vCenter Server | =7.0 | |
The vulnerability ID is CVE-2021-22009.
The severity of CVE-2021-22009 is high with a score of 7.5.
A malicious actor with network access to port 443 on vCenter Server can exploit CVE-2021-22009 to create a denial of service condition due to excessive memory consumption by the VAPI service.
VMware Cloud Foundation (versions from 3.0 up to, but not including, 5.0), VMware vCenter Server 6.7, and VMware vCenter Server 7.0 are affected by CVE-2021-22009.
Yes, VMware has released a security advisory (VMSA-2021-0020) that provides the necessary patches and updates to fix CVE-2021-22009.