CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-22017

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score42.9240%
EPSS Percentile93.99th
Published2021年9月23日
Last Modified2025年10月30日

Vulnerability Description

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

Affected Platforms (CPE)

📦
Vmware

Vcenter Server

= 6.7

References & Advisories

🔗 https://www.vmware.com/security/advisories/VMSA-2021-0020.html
🔗 https://www.vmware.com/security/advisories/VMSA-2021-0020.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22017

関連する脆弱性情報

CVE-2015-234210.0

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict re...

CVE-2013-140510.0

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Up...

CVE-2021-219729.8

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo...

CVE-2020-39529.8

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Contro...

CVE-2021-22017 Detail & Impact Analysis | CVSS 5.3 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space