CVE-2021-22017
published 2021-09-23CVE-2021-22017: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-01-24
Exploited in the wild
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vcenter_server | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
cisa5.3MEDIUM