CVE-2021-22048

Summary

The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vCenter Server and VMware Cloud FoundationVMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)affected

Weaknesses

  • Privilege escalation vulnerability

ADP Enrichment

CVE Program Container

Additional References

References