CVSS: 10.0EPSS: 1%CPEs: 53EXPL: 0CVE-2021-21986 – VMware Security Advisory 2021-0010
https://notcve.org/view.php?id=CVE-2021-21986
26 May 2021 — The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. VSphere Client (HTML5) contiene una vulnerabilidad en un mecanismo de autenticación de vSphere para los plugins Virtual SAN Health Check, Site Recovery,... • http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 87%CPEs: 43EXPL: 1CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
24 Feb 2021 — The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contie... • https://github.com/freakanonymous/CVE-2021-21973-Automateme • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 93%CPEs: 43EXPL: 36CVE-2021-21972 – VMware vCenter Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21972
24 Feb 2021 — The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ... • https://packetstorm.news/files/id/161695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 58%CPEs: 233EXPL: 7CVE-2021-21974 – VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21974
24 Feb 2021 — OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. OpenSLP como es usado en ESXi (versiones 7.0 anteriores a ESXi70U1c-17325551, versiones 6.7 anteriores a ESXi670-202102401-SG, versiones 6.5 anteriores a ESXi6... • https://packetstorm.news/files/id/162957 • CWE-787: Out-of-bounds Write •