Vulnerabilities
Vulnerable Software
CVE-2021-22005
Known exploited
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS Score
9.8
EPSS Score
0.945
Published
2021-09-23
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
CVSS Score
7.5
EPSS Score
0.479
Published
2021-09-23
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-09-23
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-09-23
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
CVSS Score
7.5
EPSS Score
0.015
Published
2021-09-23
The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-09-23
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.
CVSS Score
5.3
EPSS Score
0.008
Published
2021-09-23


Contact Us

Shodan ® - All rights reserved