CVE-2021-21985

VMware | vCenter ServerAdded 2021-11-03Remediation Deadline 2021-11-17Active Ransomware Campaign

VMware vCenter Server Improper Input Validation Vulnerability

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-20

CWE-470

CWE-918

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21985

Cybersecurity Alerts

CVE-2021-21985

VMware vCenter Server Improper Input Validation Vulnerability

Required Action

Weakness Classification

References