Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21980

Опубликовано: 24 нояб. 2021
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:cloud_foundation:3.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3p:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update_3q:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update_3o:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.08288
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-j86w-wm9c-rcfm

CVSS3: 7.5
github
около 4 лет назад

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

fstec логотип

BDU:2021-05863

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость компонента vSphere Web Client (FLEX/Flash) средств управления виртуальной инфраструктурой Vmware vCenter Server и VMware Cloud Foundation, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 92%
0.08288
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo