CVE-2021-21973

MEDIUM KEV NUCLEI

VMware vCenter Server and Cloud Foundation - Server-Side Request Forgery via vSphere Client Plugin

Title source: llm

Exploitation Summary

CVE-2021-21973 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 7, 2022. EIP tracks 1 public exploit from researchers including freakanonymous. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-21973, a directory traversal vulnerability in VMware vRealize Operations Manager. The exploit crafts malicious TAR archives to deploy a JSP webshell, enabling remote code execution (RCE) on vulnerable systems.

Description

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Exploits (1)

nomisec WORKING POC 1 stars

by freakanonymous · remote

https://github.com/freakanonymous/CVE-2021-21973-Automateme

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-21973, a directory traversal vulnerability in VMware vRealize Operations Manager. The exploit crafts malicious TAR archives to deploy a JSP webshell, enabling remote code execution (RCE) on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VMware vRealize Operations Manager (vROps)

No auth needed

Prerequisites: Network access to the target vROps instance · Vulnerable version of vROps (pre-patch)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

VMware vSphere - Server-Side Request Forgery

MEDIUMby pdteam

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21973

Scores

CVSS v3 5.3

EPSS 0.8801

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact partial

Details

CISA KEV 2022-03-07

VulnCheck KEV 2021-02-25

InTheWild.io 2022-03-07

ENISA EUVD EUVD-2021-9144

CWE

CWE-918

Status published

Products (4)

vmware/cloud_foundation 3.0 - 3.10.1.2

vmware/vcenter_server 6.5 (19 CPE variants)

vmware/vcenter_server 6.7 (15 CPE variants)

vmware/vcenter_server 7.0 (7 CPE variants)

Published Feb 24, 2021

KEV Added Mar 07, 2022

Tracked Since Feb 18, 2026