CVE-2021-22008

Summary

The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server, VMware Cloud FoundationVMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)affected

Weaknesses

  • Information disclosure vulnerability

ADP Enrichment

CVE Program Container

Additional References

References