CVE-2021-22006

EUVD-2021-9175
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
vmwarecloud_foundation
3.0 ≤
𝑥
< 5.0
vmwarevcenter_server
6.7
vmwarevcenter_server
7.0
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://www.vmware.com/security/advisories/VMSA-2021-0020.html