CVE-2021-22017
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware vCenter Server, VMware Cloud Foundation | VMware vCenter Server(6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation 3.x before 3.10.2.2 | affected |
Weaknesses
- Rhttpproxy bypass vulnerability
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.