CVE-2021-22011

Summary

vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server, VMware Cloud FoundationVMware vCenter Server(7.x before 7.0.2 U2d, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3.1 and 3.x before 3.10.2.2)affected

Weaknesses

  • Unauthenticated API endpoint vulnerability

ADP Enrichment

CVE Program Container

Additional References

References