CVE-2021-21992Uncontrolled Resource Consumption in Vmware Vcenter Server

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.9%
top 23.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Cloud FoundationVmware Vcenter Server
Timeline
PublishedSep 22
Latest updateMay 24

Description

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDvmware/vcenter_server6.5, 6.7, 7.0+2
NVDvmware/cloud_foundation3.03.10.2.2+1

🔴Vulnerability Details

2
GHSA
GHSA-mhm3-qvq8-3fc6: The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing2022-05-24
CVEList
CVE-2021-21992: The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing2021-09-22

📋Vendor Advisories

1
VMware
VMware vCenter Server updates address multiple security vulnerabilities2021-09-21
CVE-2021-21992 — Uncontrolled Resource Consumption | cvebase