CVE-2021-21980

HIGH EXPLOITED IN THE WILD

vSphere Web Client - Info Disclosure

Title source: llm

Description

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Exploits (6)

nomisec SUSPICIOUS 6 stars

by Osyanina · poc

https://github.com/Osyanina/westone-CVE-2021-21980-scanner

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by pratikjojode · infoleak

https://github.com/pratikjojode/vcenter-cve-2021-21980-lab

View Code ZIP pw:eip

nomisec WORKING POC

by gui2000guix-ui · infoleak

https://github.com/gui2000guix-ui/cve-2021-21980-mock-server

View Code ZIP pw:eip

nomisec NO CODE

by gui2000guix-ui · poc

https://github.com/gui2000guix-ui/cve-2021-21980-nuclei-poc

View Code ZIP pw:eip

nomisec NO CODE

by pkxk5pr6m2-web · poc

https://github.com/pkxk5pr6m2-web/cve-2021-21980-nuclei-poc

View Code ZIP pw:eip

nomisec SCANNER

by Osyanina · poc

https://github.com/Osyanina/westone-CVE-2022-1388-scanner

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2021-0027.html

Scores

CVSS v3 7.5

EPSS 0.0779

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2022-05-31

InTheWild.io 2022-05-31

Status published

Products (3)

vmware/cloud_foundation 3.0

vmware/vcenter_server 6.5 (19 CPE variants)

vmware/vcenter_server 6.7 (16 CPE variants)

Published Nov 24, 2021

Tracked Since Feb 18, 2026