CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-22049

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.vmware.com/security/advisories/VMSA-2021-0027.html
https://www.vmware.com/security/advisories/VMSA-2021-0027.html

Products affected by CVE-2021-22049

Vmware » Vcenter Server » Version: 6.5

cpe:2.3:a:vmware:vcenter_server:6.5
Vmware » Vcenter Server » Version: 6.7

cpe:2.3:a:vmware:vcenter_server:6.7
Vmware » Vcenter Server » Version: 7.0

cpe:2.3:a:vmware:vcenter_server:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22049

Products

Pricing

Contact Us