CVE-2021-21973

VMware | vCenter Server and Cloud FoundationAdded 2022-03-07Remediation Deadline 2022-03-21

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-20

CWE-918

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21973

Cybersecurity Alerts

CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

Required Action

Weakness Classification

References