Denial-of-Service Vulnerability in vCenter Server by VMware
CVE-2021-22020

5.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vcenter Server, Vmware Cloud Foundation
Vendor: CVE Published:; 23 September 2021

Summary

The vCenter Server has a vulnerability in its Analytics service that can be exploited to induce a denial-of-service condition. An attacker may leverage this flaw to disrupt the availability of the vCenter Server, impacting operations and accessibility of the services provided. Ensuring that your systems are updated is crucial for mitigating this risk. For more details, refer to the VMware security advisory.

Affected Version(s)

VMware vCenter Server, VMware Cloud Foundation VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)

References

https://www.vmware.com/security/advisories/VMSA-2021-0020...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2021
Vulnerability Reserved
Jan 4, 2021