Vulnerability Details CVE-2021-22006
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.581
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-22006
-
cpe:2.3:a:vmware:cloud_foundation:3.0
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.1.2
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.1
-
cpe:2.3:a:vmware:cloud_foundation:3.10.2.2
-
cpe:2.3:a:vmware:cloud_foundation:3.11
-
cpe:2.3:a:vmware:cloud_foundation:3.11.0.1
-
cpe:2.3:a:vmware:cloud_foundation:3.5
-
cpe:2.3:a:vmware:cloud_foundation:3.5.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7
-
cpe:2.3:a:vmware:cloud_foundation:3.7.1
-
cpe:2.3:a:vmware:cloud_foundation:3.7.2
-
cpe:2.3:a:vmware:cloud_foundation:3.8
-
cpe:2.3:a:vmware:cloud_foundation:3.8.1
-
cpe:2.3:a:vmware:cloud_foundation:3.9
-
cpe:2.3:a:vmware:cloud_foundation:3.9.1
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.2
-
cpe:2.3:a:vmware:cloud_foundation:4.2.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3
-
cpe:2.3:a:vmware:cloud_foundation:4.3.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3.11
-
cpe:2.3:a:vmware:cloud_foundation:4.4
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5
-
cpe:2.3:a:vmware:cloud_foundation:4.5.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5.2
-
cpe:2.3:a:vmware:vcenter_server:6.7
-
cpe:2.3:a:vmware:vcenter_server:7.0