First published: Thu Sep 23 2021
The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Cloud Foundation | >=3.0<5.0 | |
| VMware vCenter Server | =6.7 | |
CVE-2021-22016 is a reflected cross-site scripting vulnerability in vCenter Server.
CVE-2021-22016 affects VMware vCenter Server 6.7.
The severity of CVE-2021-22016 is medium with a CVSS score of 6.1.
CVE-2021-22016 can be exploited by tricking a victim into clicking a malicious link.
Yes, VMware has released a security advisory (VMSA-2021-0020) that includes fixes and mitigations for CVE-2021-22016.