CVE-2021-22007
https://notcve.org/view.php?id=CVE-2021-22007
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVE-2021-21993
https://notcve.org/view.php?id=CVE-2021-21993
An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure. vCenter Server contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en la biblioteca de contenidos del servidor vCenter. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-22008 – VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. ... Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema mediante el envío de un mensaje json-rpc especialmente diseñado para conseguir acceso a información confidencial This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVE-2021-22027
https://notcve.org/view.php?id=CVE-2021-22027
An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-22026
https://notcve.org/view.php?id=CVE-2021-22026
An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •