VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

Added March 7, 2022 • Due March 21, 2022 • CVE-2021-21973

Overdue VMware / vCenter Server and Cloud Foundation CWE-20 CWE-918

Description

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Required Action

Apply updates per vendor instructions.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21973

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 3 weeks ago