CVE-2021-21986

Summary

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server and VMware Cloud FoundationVMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)affected

Weaknesses

  • Issue with Authentication mechanism

ADP Enrichment

CVE Program Container

Additional References

References