5.3
CVE-2021-22017
- EPSS 79.16%
- Published 23.09.2021 13:15:08
- Last modified 02.04.2025 16:59:49
- Source security@vmware.com
- Teams watchlist Login
- Open Login
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Vcenter Server Version6.7 Update-
10.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
VMware vCenter Server Improper Access Control
VulnerabilityRhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 79.16% | 0.99 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|