
Rewterz Threat Advisory – CVE-2021-22048 – VMware vCenter Server privilege escalation

Severity

High

Analysis Summary

CVE-2021-22048

VMware vCenter Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the IWA (Integrated Windows Authentication) authentication mechanism. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to elevate privileges to a higher privileged group.

Impact

  • Privilege escalation

Affected Vendors

  • VMware

Affected Products

  • VMware vCenter Server 6.7
  • VMware Cloud Foundation 3.0
  • VMware Cloud Foundation 4.0
  • VMware vCenter Server 7.0

Remediation

Refer to the VMware advisory for the complete list of affected products and their respective patches.

https://www.vmware.com/security/advisories/VMSA-2021-0025.html