Rewterz Threat Advisory – Multiple VMware vCenter Server Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-22049

VMware vCenter Server is vulnerable to server-side request forgery (SSRF). A remote attacker could exploit this vulnerability to conduct an SSRF attack, using the server to access a URL outside of vCenter Server or an internal service.

CVE-2021-21980

VMware vCenter Server could allow a remote attacker to obtain sensitive information. A remote attacker could exploit this vulnerability to read arbitrary files on the system.

Impact

  • Unauthorized Access
  • Information Disclosure

Affected Vendors

  • VMware

Affected Products

  • VMware vCenter Server 6.5
  • VMware vCenter Server 6.7
  • VMware Cloud Foundation (vCenter) 3.0

Remediation

Refer to the VMware Security Advisory for patch, upgrade, or suggested workaround information.

https://www.vmware.com/security/advisories/VMSA-2021-0027.html