NewsSecurity Vulnerabilities

VMware vCenter Server file upload vulnerability (CVE-2021-22005)

CVE number = CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service.

A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

To remediate CVE-2021-22005 apply the relevant updates.

This issue does not affect vCenter Server 6.5.

A supplemental blog post was created for additional clarification. Please see: https://via.vmw.com/vmsa-2021-0020-faq

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.