CVE-2021-22018
First published: Thu Sep 23 2021(Updated: )
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Cloud Foundation | >=4.0<4.3.1 | |
| VMware vCenter Server | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22018?
CVE-2021-22018 is an arbitrary file deletion vulnerability in the vCenter Server, specifically in a VMware vSphere Life-cycle Manager plug-in.
How does CVE-2021-22018 work?
A malicious actor with network access to port 9087 on the vCenter Server can exploit this vulnerability to delete non-critical files.
What is the severity of CVE-2021-22018?
CVE-2021-22018 has a severity rating of 6.5, which is classified as medium.
Which software versions are affected by CVE-2021-22018?
VMware Cloud Foundation versions 4.0 to 4.3.1 and VMware vCenter Server version 7.0 are affected by CVE-2021-22018.
How can I fix CVE-2021-22018?
VMware has released a security advisory (VMSA-2021-0020) with remediation steps, please refer to the advisory for detailed instructions.
- collector/nvd-index
- vendor/vmware
- canonical/vmware cloud foundation
- version/vmware cloud foundation/4.0
- canonical/vmware vcenter server
- version/vmware vcenter server/7.0