VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)

CVE numbers: CVE-2021-21980 and CVE-2021-22049

Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware.

Updates are available to remediate these vulnerabilities in affected VMware products.

Impacted Products

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

vCenter Server updates address arbitrary file read vulnerability in the vSphere Web Client (CVE-2021-21980)

Description

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors

A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Resolution

To remediate CVE-2021-21980, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ in VMSA-2021-0027 (linked below) to affected deployments.

Workarounds

None.

vCenter Server updates address SSRF vulnerability in the vSphere Web Client (CVE-2021-22049)

Description

The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

Known Attack Vectors

A malicious actor with network access to port 443 on vCenter Server may exploit this issue to make vCenter Server issue requests to URLs outside of vCenter Server, or to reach an internal service that is not otherwise exposed.

Resolution

To remediate CVE-2021-22049, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ in VMSA-2021-0027 (linked below) to affected deployments.

Workarounds

None.

For updates and patches please see – https://www.vmware.com/security/advisories/VMSA-2021-0027.html
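Both resolutions above come down to confirming that each vCenter Server is at or above the fixed version in the advisory's Response Matrix. The script below is an added example for that check; it is not VMware's code and not part of the original advisory. It reads the version a vCenter Server Appliance reports through its REST API (POST /rest/com/vmware/cis/session to open a session, then GET /rest/appliance/system/version) and compares it, as dotted integers, against a fixed version you supply. The fixed version shown (`FIXED_VERSION_PLACEHOLDER`) and the embedded sample API response are constructed placeholders: replace the former with the value from the ‘Fixed Version’ column for your release line, and the latter with the live call in `fetch_version`.

```python
"""Compare a vCenter Server Appliance's reported version with the fixed
version from a VMSA Response Matrix. Added illustration, not VMware code."""
import base64
import json
import ssl
import urllib.request
from typing import Tuple

# Placeholder only (assumption): substitute the 'Fixed Version' value for
# your release line from the advisory's Response Matrix.
FIXED_VERSION_PLACEHOLDER = "7.0.2.00500"

# Constructed sample of a GET /rest/appliance/system/version body; the
# build number and version here are made up for the example.
SAMPLE_RESPONSE = json.dumps({"value": {
    "build": "12345678",
    "product": "VMware vCenter Server",
    "version": "7.0.2.00400",
}})


def parse_version(v: str) -> Tuple[int, ...]:
    """'7.0.2.00400' -> (7, 0, 2, 400). Leading zeros carry no meaning."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable vCenter version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_patched(reported: str, fixed: str) -> bool:
    """True when 'reported' is at or above 'fixed' on the same release line.

    Each release line (major.minor) has its own fixed version in the
    Response Matrix, so comparing across lines is refused rather than
    silently answering the wrong question.
    """
    r, f = parse_version(reported), parse_version(fixed)
    if r[:2] != f[:2]:
        raise ValueError(f"{reported} and {fixed} are different release lines")
    return r >= f


def version_from_response(body: str) -> str:
    """Extract the version string from a /rest/appliance/system/version body."""
    data = json.loads(body)
    return data["value"]["version"]


def fetch_version(host: str, user: str, password: str) -> str:
    """Live query of the appliance REST API (not exercised offline).

    Opens a session with HTTP Basic credentials, then reads the version
    with the returned session id in the vmware-api-session-id header.
    Certificate verification is left on: weakening it to reach a vCenter
    over port 443 is exactly the kind of shortcut an attacker exploits.
    """
    ctx = ssl.create_default_context()
    base = f"https://{host}/rest"
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base}/com/vmware/cis/session", method="POST",
        headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        token = json.load(resp)["value"]
    req = urllib.request.Request(
        f"{base}/appliance/system/version",
        headers={"vmware-api-session-id": token})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return version_from_response(resp.read().decode())


def check_sample() -> bool:
    """Run the comparison over the constructed sample response."""
    reported = version_from_response(SAMPLE_RESPONSE)
    return is_patched(reported, FIXED_VERSION_PLACEHOLDER)


if __name__ == "__main__":
    status = "patched" if check_sample() else "VULNERABLE - apply the update"
    print(f"sample vCenter reports {version_from_response(SAMPLE_RESPONSE)}: {status}")
```

Run it against each vCenter Server in the estate, one release line at a time; a `ValueError` from `is_patched` means you compared against the wrong row of the Response Matrix, not that the server is patched.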

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
