CVE-2021-21973 — VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
2022-03-07 • CISA Known Exploited Vulnerability
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | VMware |
| Product | vCenter Server and Cloud Foundation |
| CWE | CWE-20, CWE-918 |
| CVE ID | CVE-2021-21973 |
| Date Added | 2022-03-07 |
| Due Date | 2022-03-21 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-03-21