Exploit for #VU50899 Server-Side Request Forgery (SSRF) in vCenter Server and Cloud Foundation

Exploit for #VU50899 Server-Side Request Forgery (SSRF) in vCenter Server and Cloud Foundation

Published: 2021-05-18 | Updated: 2021-08-19

Vulnerability identifier: #VU50899

Vulnerability risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21973

CWE-ID: CWE-918

Exploitation vector: Network

Exploits in database: 2

August 19, 2021
- CVE-2021-21972 ([CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)) [Github]
May 18, 2021
- CVE-2021-21973-Automateme (automate me!) [Github]

Impact: Information disclosure

Vulnerable software:
vCenter Server
Server applications / Virtualization software
Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc