CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22018 – VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2021-22018
22 Sep 2021 — The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files. vCenter Server contiene una vulnerabilidad de eliminación arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no críticos Th... • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 3CVE-2021-22015 – VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22015
22 Sep 2021 — The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. vCenter Server contiene múltiples vulnerabilidades de escalada de privilegios locales debido a permisos inapropiados de archivos y directorios. Un usuario local autenticado con privilegios no administrativos puede explotar est... • https://packetstorm.news/files/id/170116 • CWE-552: Files or Directories Accessible to External Parties •