CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-22005

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score25.7160%
EPSS Percentile92.12th
Published2021年9月23日
Last Modified2025年10月30日

Vulnerability Description

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Affected Platforms (CPE)

📦
Vmware

Cloud Foundation

>= 3.0 and < 5.0
📦
Vmware

Vcenter Server

= 6.5
📦
Vmware

Vcenter Server

= 6.7
📦
Vmware

Vcenter Server

= 7.0

References & Advisories

🔗 http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
🔗 https://www.vmware.com/security/advisories/VMSA-2021-0020.html
🔗 http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
🔗 https://www.vmware.com/security/advisories/VMSA-2021-0020.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005

相關漏洞威脅

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2021-219729.8

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo...

CVE-2016-66559.8

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri...