Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21992

Опубликовано: 22 сент. 2021
Источник: nvd
CVSS3: 6.5
CVSS2: 6.8
EPSS Низкий

Описание

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.10.2.2 (исключая)
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Версия от 4.0 (включая) до 4.3 (исключая)
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3p:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00896
Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-mhm3-qvq8-3fc6

CVSS3: 6.5
github
больше 3 лет назад

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.

fstec логотип

BDU:2021-04979

CVSS3: 6.5
fstec
больше 4 лет назад

Уязвимость средства управления виртуальной инфраструктурой VMware vCenter Server, связанная с некорректным синтаксическим анализом XML-объектов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 75%
0.00896
Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo