CVE-2021-22009

Published: Sep 23, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI service.

Affected (3)

Products: Vmware: Cloud Foundation, Vcenter Server

2 products

Cloud Foundation

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Vmware Cloud Foundation	From 3.0 to 5.0
Vmware Vcenter Server	Version 6.7
Vmware Vcenter Server	Version 7.0

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Source: security@vmware.com

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.