CVE-2021-22007 - OpenCVE

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Cloud Foundation Vcenter Server

Configuration 1 [-]

OR	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:vcenter_server:6.7:-::::::
	cpe:2.3:a:vmware:vcenter_server:7.0:-::::::

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2021-0020.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2021-09-23T11:41:21

Updated: 2024-08-03T18:30:23.607Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-22007

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-23T12:15:07.803

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-22007

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware vCenter Server, VMware Cloud Foundation", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"}]}], "descriptions": [{"lang": "en", "value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Local information disclosure vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-23T11:41:21", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-22007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vCenter Server, VMware Cloud Foundation", "version": {"version_data": [{"version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local information disclosure vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.607Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-22007", "datePublished": "2021-09-23T11:41:21", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D", "versionEndExcluding": "5.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information."}, {"lang": "es", "value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n local en el servicio Analytics. Un usuario autenticado con privilegios no administrativos puede explotar este problema para conseguir acceso a informaci\u00f3n confidencial"}], "id": "CVE-2021-22007", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-23T12:15:07.803", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}