CVE-2021-21973 - VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
Project:VMware
Product:vCenter Server and Cloud Foundation
Date Added:2022-03-07Due Date:2022-03-21
Vulnerability Name
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
Description
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-21973
Related News Articles
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber AttackMarch 12, 2025