Known Vulnerabilities for Vcenter Server by Vmware
Listed below are 10 of the newest known vulnerabilities associated with "Vcenter Server" by "Vmware".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22982 | The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 ... | 7.5 - HIGH | 2022-07-13 | 2022-07-20 |
| CVE-2022-22948 | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor wi... | 6.5 - MEDIUM | 2022-03-29 | 2022-04-08 |
| CVE-2021-21993 | The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter... | 6.5 - MEDIUM | 2021-09-23 | 2021-09-27 |
| CVE-2021-21992 | The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-... | 6.5 - MEDIUM | 2021-09-22 | 2022-07-12 |
| CVE-2021-21991 | The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious ... | 7.8 - HIGH | 2021-09-22 | 2022-07-12 |
| CVE-2021-21986 | The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, S... | 9.8 - CRITICAL | 2021-05-26 | 2022-07-12 |
| CVE-2021-21985 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN ... | 9.8 - CRITICAL | 2021-05-26 | 2021-09-14 |
| CVE-2021-21980 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with networ... | 7.5 - HIGH | 2021-11-24 | 2022-07-12 |
| CVE-2021-21973 | The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in... | 5.3 - MEDIUM | 2021-02-24 | 2021-08-24 |
| CVE-2021-21972 | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with ... | 9.8 - CRITICAL | 2021-02-24 | 2023-08-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Vcenter Server | 6.7 | u3a | All | All |
| Application | Vmware | Vcenter Server | 6.7 | All | All | All |
| Application | Vmware | Vcenter Server | 6.7 | - | All | All |
| Application | Vmware | Vcenter Server | 6.7 | a | All | All |
| Application | Vmware | Vcenter Server | 6.7 | b | All | All |
| Application | Vmware | Vcenter Server | 6.7 | d | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u1 | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u1b | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u2 | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u2a | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u2c | All | All |
| Application | Vmware | Vcenter Server | 6.7 | u3 | All | All |
| Application | Vmware | Vcenter Server | 6.5 | e | All | All |
| Application | Vmware | Vcenter Server | 6.5 | - | All | All |
| Application | Vmware | Vcenter Server | 6.5 | 1 | All | All |
| Application | Vmware | Vcenter Server | 6.5 | 1b | All | All |
| Application | Vmware | Vcenter Server | 6.5 | 1c | All | All |
| Application | Vmware | Vcenter Server | 6.5 | a | All | All |
| Application | Vmware | Vcenter Server | 6.5 | b | All | All |
| Application | Vmware | Vcenter Server | 6.5 | c | All | All |