CVE-2021-22049

{"id": "CVE-2021-22049", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-11-24T17:15:07.707", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@vmware.com"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2021-0027.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service."}, {"lang": "es", "value": "El cliente web de vSphere (FLEX/Flash) contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) en el plugin del cliente web de vSAN (vSAN UI). Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema al acceder a una petici\u00f3n de URL fuera de vCenter Server o accediendo a un servicio interno"}], "lastModified": "2024-11-21T05:49:30.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6"}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}