CVE-2021-22101 — Uncontrolled Resource Consumption in Capi-release
Severity
7.5HIGHNVD
EPSS
1.0%
top 23.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 27
Latest updateMay 24
Description
Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
🔴Vulnerability Details
2📋Vendor Advisories
1VMware▶
VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)↗2021-11-11