Arbitrary File Deletion in VMware vSphere Lifecycle Manager Plugin
CVE-2021-22018
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 23 September 2021
What is CVE-2021-22018?
The vCenter Server has a vulnerability in the VMware vSphere Lifecycle Manager plug-in that allows for arbitrary file deletion. Attackers with access to port 9087 can exploit this vulnerability to delete non-critical files, posing a potential risk to data integrity and availability. Organizations utilizing affected versions of vCenter Server should prioritize applying the latest security updates to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
VMware vCenter Server, VMware Cloud Foundation VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved