CVE-2021-21993
Description
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.245
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in VMware vCenter 6.5 | Windows |
| Multiple Vulnerabilities are affected in VMware vCenter 6.7 | Windows |
| Multiple Vulnerabilities are affected in VMware vCenter 7.0 | Windows |
| Multiple Vulnerabilities are affected in VMware vCenter Server 6.5 | Windows |
| Multiple Vulnerabilities are affected in VMware vCenter Server 6.7 | Windows |
| Multiple Vulnerabilities are affected in VMware vCenter Server 7.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234