CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22005

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score25.7160%
EPSS Percentile92.12th
PublishedSep 23, 2021
Last ModifiedOct 30, 2025

Vulnerability Description

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Affected Platforms (CPE)

πŸ“¦
Vmware

Cloud Foundation

>= 3.0 and < 5.0
πŸ“¦
Vmware

Vcenter Server

= 6.5
πŸ“¦
Vmware

Vcenter Server

= 6.7
πŸ“¦
Vmware

Vcenter Server

= 7.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2021-0020.html
πŸ”— http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2021-0020.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005

Related Vulnerabilities

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2021-219729.8

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo...

CVE-2016-66559.8

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri...