CVE-2021-21980: VMware vCenter Server arbitrary file read vulnerability
VMware vCenter Server is the centralized management utility for VMware and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
On November 23, 2021, VMware released a security update for the vCenter Server, the vulnerability number is CVE-2021-21980 with the CVSSv3 of 7.5, the vulnerability level is high risk. vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file reading vulnerability. Hackers with network access to port 443 on the vCenter Server can use the CVE-2021-21980 to obtain sensitive information.
- vCenter Server 6.7
- vCenter Server 6.5
- Cloud Foundation (vCenter Server) 3.x
In this regard, we recommend that users upgrade VMware vCenter Server to the latest version in time.