CVE-2021-21985 – VMware vCenter Server Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota debido a una falta de comprobación de entrada en el plugin Virtual SAN Health Check, que está habilitado por defecto en vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios ilimitados en el sistema operativo subyacente que aloja a vCenter Server VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution. • https://github.com/daedalus/CVE-2021-21985 https://github.com/onSec-fr/CVE-2021-21985-Checker https://github.com/aristosMiliaressis/CVE-2021-21985 https://github.com/bigbroke/CVE-2021-21985 https://github.com/mauricelambert/CVE-2021-21985 https://github.com/haidv35/CVE-2021-21985 http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html https://www.vmwar • CWE-20: Improper Input Validation •
CVE-2021-26987
https://notcve.org/view.php?id=CVE-2021-26987
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. Element Plug-in para vCenter Server incorpora SpringBoot Framework. Las versiones de SpringBoot Framework anteriores a 1.3.2 son susceptibles a una vulnerabilidad que, cuando es explotada con éxito, podría conllevar a una ejecución de código remota. • https://security.netapp.com/advisory/ntap-20210315-0001 •
CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema mediante el envío de una petición POST al plugin vCenter Server conllevando a una divulgación de información. • https://github.com/freakanonymous/CVE-2021-21973-Automateme https://www.vmware.com/security/advisories/VMSA-2021-0002.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-21972 – VMware vCenter Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server. • https://www.exploit-db.com/exploits/50056 https://www.exploit-db.com/exploits/49602 https://github.com/NS-Sp4ce/CVE-2021-21972 https://github.com/horizon3ai/CVE-2021-21972 https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC https://github.com/alt3kx/CVE-2021-21972 https://github.com/milo2012/CVE-2021-21972 https://github.com/B1anda0/CVE-2021-21972 https://github.com/TaroballzChen/CVE-2021-21972 https://github.com/GuayoyoCyber/CVE-2021-21972 https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-27216 – jetty: local temporary directory hijacking vulnerability
https://notcve.org/view.php?id=CVE-2020-27216
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. En Eclipse Jetty versiones 1.0 hasta 9.4.32.v20200930, versiones 10.0.0.alpha1 hasta 10.0.0.beta2 y versiones 11.0.0.alpha1 hasta 11.0.0.beta2O, en sistemas similares a Unix, el directorio temporal del sistema es compartido entre todos los usuarios en ese sistema. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053 https://lists.apache.org/thread.html/r0259b14ae69b87821e27fed1f5333ea86018294fd31aab16b1fac84e%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r07525dc424ed69b3919618599e762f9ac03791490ca9d724f2241442%40%3Cdev.felix.apache.org%3E https://lists.apache.org/thread.html/r09b345099b4f88d2bed7f195a96145849243fb4e53661aa3bcf4c176%40%3Cissues.zookeeper.apache.org%3E https://lists.apache. • CWE-377: Insecure Temporary File CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •