CVE-2021-22009
published 2021-09-23CVE-2021-22009: The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 5.0 | 5.0 |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |