Vulnerability Details CVE-2021-21980
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.226
EPSS Ranking 95.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-21980
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:vcenter_server:6.5
-
cpe:2.3:a:vmware:vcenter_server:6.7