Security for everyone

CVE-2021-21973 Scanner

Detects 'Server-Side Request Forgery (SSRF)' vulnerability in VMware vCenter Server and VMware Cloud Foundation affects v. VMware vCenter Server at 7.x before 7.0 U1c, 6.7 before 6.7 U3l, 6.5 before 6.5 U3n and VMware Cloud Foundation at 4.x before 4.2, 3.x before 3.10.1.2.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-21973 Scanner Detail

VMware vCenter Server and VMware Cloud Foundation are virtualization solutions that allow organizations to manage their IT infrastructure in an efficient and cost-effective manner. VMware vCenter Server acts as the central hub for managing virtual machines, providing a single point of control for tasks such as provisioning, monitoring, and scaling. Meanwhile, VMware Cloud Foundation is an integrated software stack that combines compute, storage, and networking with automation and lifecycle management capabilities.

However, these products are not without their weaknesses. One such vulnerability is CVE-2021-21973, which was recently discovered in the vSphere Client (HTML5) component of VMware vCenter Server and VMware Cloud Foundation. This vulnerability allows attackers with network access to port 443 to exploit a server-side request forgery (SSRF) flaw due to a lack of proper URL validation in a vCenter Server plugin.

If this vulnerability is successfully exploited, an attacker can gain access to sensitive information stored within the virtual environment, including virtual machines, network devices, and other resources. This information could be used for a variety of malicious purposes, such as conducting further attacks, sabotaging operations, or stealing confidential data.

By using the advanced features of the securityforeveryone.com platform, you can learn about vulnerabilities like CVE-2021-21973 in your digital assets quickly and easily. With detailed analysis and expert guidance, you can stay one step ahead of attackers and ensure that your virtual environment remains secure and reliable. So why wait? Sign up today and take control of your cybersecurity posture!

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture