
VMware vCenter Server updates address multiple security vulnerabilities

Issued: Tuesday, 5 October, 2021
Last Revision: Tuesday, 5 October, 2021
Vendor: 
Severity Level: 
Summary: 

VMware published a security advisory addressing 19 vulnerabilities impacting VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation).

 

In addition, VMware has confirmed reports that CVE-2021-22005 is being exploited in the wild.

 

 

| CVE | Description | CVSS 3.0 Score |
|---|---|---|
| CVE-2021-22005 | vCenter Server file upload vulnerability | 9.8 |
| CVE-2021-21991 | vCenter Server local privilege escalation vulnerability | 8.8 |
| CVE-2021-22006 | vCenter Server reverse proxy bypass vulnerability | 8.3 |
| CVE-2021-22011 | vCenter Server unauthenticated API endpoint vulnerability | 8.1 |
| CVE-2021-22015 | vCenter Server improper permission local privilege escalation vulnerabilities | 7.8 |
| CVE-2021-22012 | vCenter Server unauthenticated API information disclosure vulnerability | 7.5 |
| CVE-2021-22013 | vCenter Server file path traversal vulnerability | 7.5 |
| CVE-2021-22016 | vCenter Server reflected XSS vulnerability | 7.5 |
| CVE-2021-22017 | vCenter Server rhttpproxy bypass vulnerability | 7.3 |
| CVE-2021-22014 | vCenter Server authenticated code execution vulnerability | 7.2 |
| CVE-2021-22018 | vCenter Server file deletion vulnerability | 6.5 |
| CVE-2021-21992 | vCenter Server XML parsing denial-of-service | 6.5 |
| CVE-2021-22007 | vCenter Server local information disclosure vulnerability | 5.5 |
| CVE-2021-22019 | vCenter Server denial of service vulnerability | 5.3 |
| CVE-2021-22009 | vCenter Server VAPI multiple denial of service vulnerabilities | 5.3 |
| CVE-2021-22010 | vCenter Server VPXD denial of service vulnerability | 5.3 |
| CVE-2021-22008 | vCenter Server information disclosure vulnerability | 5.3 |
| CVE-2021-22020 | vCenter Server Analytics service denial-of-service vulnerability | 5.0 |
| CVE-2021-21993 | vCenter Server SSRF vulnerability | 4.3 |

Table 1: Vulnerability details

 

Recommendation: 

Organizations using affected products are advised to immediately apply the vendor updates.