CVE-2021-22019
published 2021-09-23CVE-2021-22019: The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 3.0 < 3.10.2.2 | 3.10.2.2 |
| vmware | cloud_foundation | >= 4.0 < 4.3 | 4.3 |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |