Description
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Scores
CVSS v3
7.2
EPSS
0.0116
EPSS Percentile
78.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
vmware/cloud_foundation
3.0 - 5.0
vmware/vcenter_server
6.5
vmware/vcenter_server
6.7
vmware/vcenter_server
7.0
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026