CVE-2021-21993
MEDIUM
VMware Cloud Foundation 3.0-5.0 and vCenter Server - Server-Side Request Forgery in Content Library
Title source: llm
Description
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Scores
CVSS v3
6.5
EPSS
0.0024
EPSS Percentile
47.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (4)
vmware/cloud_foundation
3.0 - 5.0
vmware/vcenter_server
6.5
vmware/vcenter_server
6.7
vmware/vcenter_server
7.0
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026