CVE-2021-22049

Summary

CVE	CVE-2021-22049
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-24 17:15:00 UTC
Updated	2021-11-30 07:14:00 UTC
Description	The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.

Risk And Classification

Problem Types: CWE-918

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vmware	Vcenter Server	6.5	-	All	All
Application	Vmware	Vcenter Server	6.7	-	All	All
Application	Vmware	Vcenter Server	7.0	-	All	All

References

Reference	Source	Link	Tags
VMSA-2021-0027	MISC	www.vmware.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

216270 VMware vCenter Server 6.7 Update 6.7 U3P (VMSA-2021-0027)
216271 VMware vCenter Server 6.5 Update 6.5 U3R (VMSA-2021-0027)