Vulnerability Details : CVE-2021-21980
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
Exploit prediction scoring system (EPSS) score for CVE-2021-21980
Probability of exploitation activity in the next 30 days: 0.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-21980
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2021-21980
-
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
VMSA-2021-0027Patch;Vendor Advisory
Products affected by CVE-2021-21980
- cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1e:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_1g:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_2b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_2c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_2d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_2g:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3f:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3k:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3n:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3p:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.5:update_3q:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_1b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_2a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_2c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3f:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3g:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3j:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3l:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3m:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3n:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.7:update_3o:*:*:*:*:*:*
- cpe:2.3:a:vmware:cloud_foundation:3.0:-:*:*:*:*:*:*