cbcvebase.
CVE-2021-21993
published 2021-09-23

CVE-2021-21993: The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An…

medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

Affected

4 ranges
VendorProductVersion rangeFixed in
vmwarecloud_foundation>= 3.0 < 5.05.0
vmwarevcenter_server
vmwarevcenter_server
vmwarevcenter_server