{"containers": {"cna": {"affected": [{"product": "VMware vCenter Server, VMware Cloud Foundation", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"}]}], "descriptions": [{"lang": "en", "value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."}], "problemTypes": [{"descriptions": [{"description": "Local privilege escalation vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-22T18:59:08.000Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-21991", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vCenter Server, VMware Cloud Foundation", "version": {"version_data": [{"version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local privilege escalation vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.658Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-21991", "datePublished": "2021-09-22T18:59:08.000Z", "dateReserved": "2021-01-04T00:00:00.000Z", "dateUpdated": "2024-08-03T18:30:23.658Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "127DEE95-0B04-4A98-B96A-15CC253C7357", "versionEndExcluding": "3.10.2.2", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "722CF000-C0A1-4704-BDC6-3446D1530F3B", "versionEndExcluding": "4.3", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*", "matchCriteriaId": "CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*", "matchCriteriaId": "1DD16169-A7DF-4604-888C-156A60018E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*", "matchCriteriaId": "46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*", "matchCriteriaId": "D26534EB-327B-4ED6-A3E1-005552CB1F9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*", "matchCriteriaId": "786CDD50-7E18-4437-8DB9-2D0ADECD436E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*", "matchCriteriaId": "B2CE8DAE-0E78-4004-983D-1ECD8855EC33", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*", "matchCriteriaId": "7E51F433-1152-4E94-AF77-970230B1A574", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*", "matchCriteriaId": "0064D104-E0D8-481A-9029-D3726A1A9CF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*", "matchCriteriaId": "9B4D3F61-6CD9-411F-A205-EB06A57EBB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*", "matchCriteriaId": "F72A1E9C-F960-4E8C-A46C-B38209E6349E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*", "matchCriteriaId": "2C33CE46-F529-4EA9-9344-6ED3BFA7019D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*", "matchCriteriaId": "9F1D8161-0E02-45C9-BF61-14799AB65E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*", "matchCriteriaId": "1F2CB1FF-6118-4875-945D-07BAA3A21FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*", "matchCriteriaId": "1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*", "matchCriteriaId": "BDDC6510-3116-4578-80C8-8EF044A8370A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*", "matchCriteriaId": "8678DB48-CB98-4E4C-ADE6-CABA73265FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*", "matchCriteriaId": "DBD9A341-1FBF-4E04-848B-550DEB27261A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*", "matchCriteriaId": "4955663C-1BB6-4F3E-9D4B-362DF144B7F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*", "matchCriteriaId": "CE0F8453-3D6C-4F1C-9167-3F02E3D905DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*", "matchCriteriaId": "0EAD4045-A7F9-464F-ABB9-3782941162CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*", "matchCriteriaId": "2F0A79C2-33AE-40C5-A853-770A4C691F29", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*", "matchCriteriaId": "D8BB6CBC-11D6-40A4-ABAF-53AB9BED5A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*", "matchCriteriaId": "26A3EC15-8C04-49AD-9045-4D9FADBD50CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "EEF33103-ECDD-427B-A445-2D7F90202FCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*", "matchCriteriaId": "5241C282-A02B-44B2-B6CA-BA3A99F9737C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*", "matchCriteriaId": "04A60AC7-C2EA-4DBF-9743-54D708584AFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*", "matchCriteriaId": "8A91B0C4-F184-459E-AFD3-DE0E351CC964", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*", "matchCriteriaId": "23253631-2655-48A8-9B00-CB984232329C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*", "matchCriteriaId": "50C2A9A8-0E66-4702-BCD4-74622108E7A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*", "matchCriteriaId": "EE4D3E2A-C32D-408F-B811-EF8BC86F0D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*", "matchCriteriaId": "31CA7802-D78D-4BAD-A45A-68B601C010C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*", "matchCriteriaId": "3B98981B-4721-4752-BAB4-361DB5AEB86F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*", "matchCriteriaId": "04487105-980A-4943-9360-4442BF0411E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*", "matchCriteriaId": "24D24E06-EB3F-4F11-849B-E66757B01466", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*", "matchCriteriaId": "8AF12716-88E2-44B5-ACD7-BCBECA130FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*", "matchCriteriaId": "3352212C-E820-47B3-BDF5-57018F5B9E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*", "matchCriteriaId": "6436ADFD-6B94-4D2A-B09B-CED4EC6CA276", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*", "matchCriteriaId": "D06832CE-F946-469D-B495-6735F18D02A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*", "matchCriteriaId": "726AC46D-9EA8-4FE8-94B8-0562935458F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*", "matchCriteriaId": "0243D22F-1591-4A95-A7FE-2658CEE0C08F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*", "matchCriteriaId": "02AE5983-CD14-4EAF-9F5C-1281E3DE7F46", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash)."}, {"lang": "es", "value": "vCenter Server contiene una vulnerabilidad de escalada de privilegios local debido a la forma en que maneja los tokens de sesi\u00f3n. Un actor malicioso con acceso de usuario no administrativo en el host de vCenter Server puede explotar este problema para escalar los privilegios a administrador en vSphere Client (HTML5) o vCenter Server vSphere Web Client (FLEX/Flash)"}], "id": "CVE-2021-21991", "lastModified": "2024-11-21T05:49:23.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-22T19:15:09.093", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}