Main Vulnerability Database Vulnerabilities #VU53596

#VU53596 Improper Authentication in vCenter Server and Cloud Foundation - CVE-2021-21986

Published: May 26, 2021

Vulnerability identifier: #VU53596

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-21986

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
vCenter Server
Cloud Foundation

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests to the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

#VU53596 Improper Authentication in vCenter Server and Cloud Foundation - CVE-2021-21986

Description

Remediation

External links

Please verify you're human