CVE-2021-22008

Description

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.688

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in VMware vCenter 6.5	Windows
Multiple Vulnerabilities are affected in VMware vCenter 6.7	Windows
Multiple Vulnerabilities are affected in VMware vCenter 7.0	Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 6.5	Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 6.7	Windows
Multiple Vulnerabilities are affected in VMware vCenter Server 7.0	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234