{"containers": {"cna": {"affected": [{"product": "VMware vCenter Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.x before 7.0 U1c"}, {"status": "affected", "version": "6.7 before 6.7 U3l"}, {"status": "affected", "version": "6.5 before 6.5 U3n"}]}, {"product": "VMware Cloud Foundation", "vendor": "n/a", "versions": [{"status": "affected", "version": "4.x before 4.2"}, {"status": "affected", "version": "3.x before 3.10.1.2"}]}], "descriptions": [{"lang": "en", "value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."}], "problemTypes": [{"descriptions": [{"description": "SSRF vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-24T16:42:02", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-21973", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vCenter Server", "version": {"version_data": [{"version_value": "7.x before 7.0 U1c"}, {"version_value": "6.7 before 6.7 U3l"}, {"version_value": "6.5 before 6.5 U3n"}]}}, {"product_name": "VMware Cloud Foundation", "version": {"version_data": [{"version_value": "4.x before 4.2"}, {"version_value": "3.x before 3.10.1.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SSRF vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.450Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-21973", "datePublished": "2021-02-24T16:42:02", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.450Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-03-21", "cisaExploitAdd": "2022-03-07", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "1995769A-1AB9-47FA-966A-8E82D414161E", "versionEndExcluding": "3.10.1.2", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "A608D809-6E65-4228-9207-CB470529C542", "versionEndExcluding": "4.2", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*", "matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*", "matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*", "matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*", "matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*", "matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*", "matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*", "matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*", "matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*", "matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*", "matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*", "matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*", "matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*", "matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*", "matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*", "matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*", "matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*", "matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*", "matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*", "matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*", "matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*", "matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*", "matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*", "matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*", "matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*", "matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*", "matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*", "matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*", "matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*", "matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*", "matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*", "matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*", "matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."}, {"lang": "es", "value": "El VSphere Client (HTML5) contiene una vulnerabilidad SSRF (Server Side Request Forgery) debido a una comprobaci\u00f3n inapropiada de las URL en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema mediante el env\u00edo de una petici\u00f3n POST al plugin vCenter Server conllevando a una divulgaci\u00f3n de informaci\u00f3n. Esto afecta a: VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2)"}], "id": "CVE-2021-21973", "lastModified": "2024-02-15T20:18:08.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-24T17:15:15.923", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}