CVE-2021-22019 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-22019

CWE

https://cwe.mitre.org/data/definitions/.html

The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

Affected Software

Name	Vendor	Start Version	End Version
Cloud_foundation	Vmware	3.0 (including)	3.10.2.2 (excluding)
Cloud_foundation	Vmware	4.0 (including)	4.3 (excluding)
Vcenter_server	Vmware	6.5 (including)	6.5 (including)
Vcenter_server	Vmware	6.7 (including)	6.7 (including)
Vcenter_server	Vmware	7.0 (including)	7.0 (including)

References

https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://www.vmware.com/security/advisories/VMSA-2021-0020.html