Page 7 of 39 results (0.010 seconds)

CVSS: 10.0EPSS: 0%CPEs: 53EXPL: 0

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. VSphere Client (HTML5) contiene una vulnerabilidad en un mecanismo de autenticación de vSphere para los plugins Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager y VMware Cloud Director Availability. Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede llevar a cabo acciones permitidas por los plugins afectados sin autenticación • http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html https://www.vmware.com/security/advisories/VMSA-2021-0010.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 10.0EPSS: 97%CPEs: 53EXPL: 7

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota debido a una falta de comprobación de entrada en el plugin Virtual SAN Health Check, que está habilitado por defecto en vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios ilimitados en el sistema operativo subyacente que aloja a vCenter Server VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution. • https://github.com/daedalus/CVE-2021-21985 https://github.com/onSec-fr/CVE-2021-21985-Checker https://github.com/aristosMiliaressis/CVE-2021-21985 https://github.com/bigbroke/CVE-2021-21985 https://github.com/mauricelambert/CVE-2021-21985 https://github.com/haidv35/CVE-2021-21985 http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html https://www.vmwar • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 14%CPEs: 43EXPL: 1

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema mediante el envío de una petición POST al plugin vCenter Server conllevando a una divulgación de información. • https://github.com/freakanonymous/CVE-2021-21973-Automateme https://www.vmware.com/security/advisories/VMSA-2021-0002.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 10.0EPSS: 97%CPEs: 43EXPL: 24

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server. • https://www.exploit-db.com/exploits/50056 https://www.exploit-db.com/exploits/49602 https://github.com/NS-Sp4ce/CVE-2021-21972 https://github.com/horizon3ai/CVE-2021-21972 https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC https://github.com/alt3kx/CVE-2021-21972 https://github.com/milo2012/CVE-2021-21972 https://github.com/B1anda0/CVE-2021-21972 https://github.com/TaroballzChen/CVE-2021-21972 https://github.com/GuayoyoCyber/CVE-2021-21972 https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 229EXPL: 0

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. VMware ESXi y vCenter Server, contienen una vulnerabilidad de denegación de servicio parcial en sus respectivos servicios de autenticación. VMware ha evaluado que la gravedad de este problema se encuentra en el rango de gravedad Moderada con una puntuación base máxima de CVSSv3 de 5.3. • https://www.vmware.com/security/advisories/VMSA-2020-0018.html • CWE-400: Uncontrolled Resource Consumption •