CVE-2021-21980

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
vmwarecloud_foundation
3.0
vmwarevcenter_server
6.5
vmwarevcenter_server
6.5:update_1
vmwarevcenter_server
6.5:update_1b
vmwarevcenter_server
6.5:update_1c
vmwarevcenter_server
6.5:update_1d
vmwarevcenter_server
6.5:update_1e
vmwarevcenter_server
6.5:update_1g
vmwarevcenter_server
6.5:update_2
vmwarevcenter_server
6.5:update_2b
vmwarevcenter_server
6.5:update_2c
vmwarevcenter_server
6.5:update_2d
vmwarevcenter_server
6.5:update_2g
vmwarevcenter_server
6.5:update_3
vmwarevcenter_server
6.5:update_3d
vmwarevcenter_server
6.5:update_3f
vmwarevcenter_server
6.5:update_3k
vmwarevcenter_server
6.5:update_3n
vmwarevcenter_server
6.5:update_3p
vmwarevcenter_server
6.5:update_3q
vmwarevcenter_server
6.7
vmwarevcenter_server
6.7:update_1
vmwarevcenter_server
6.7:update_1b
vmwarevcenter_server
6.7:update_2
vmwarevcenter_server
6.7:update_2a
vmwarevcenter_server
6.7:update_2c
vmwarevcenter_server
6.7:update_3
vmwarevcenter_server
6.7:update_3a
vmwarevcenter_server
6.7:update_3b
vmwarevcenter_server
6.7:update_3f
vmwarevcenter_server
6.7:update_3g
vmwarevcenter_server
6.7:update_3j
vmwarevcenter_server
6.7:update_3l
vmwarevcenter_server
6.7:update_3m
vmwarevcenter_server
6.7:update_3n
vmwarevcenter_server
6.7:update_3o
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
https://www.vmware.com/security/advisories/VMSA-2021-0027.html