The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_foundation | Vmware | 3.0 (including) | 3.11 (including) |
| Cloud_foundation | Vmware | 4.0 (including) | 4.3.1 (including) |
| Vcenter_server | Vmware | 6.5 (including) | 6.5 (including) |
| Vcenter_server | Vmware | 6.5-a (including) | 6.5-a (including) |
| Vcenter_server | Vmware | 6.5-b (including) | 6.5-b (including) |
| Vcenter_server | Vmware | 6.5-c (including) | 6.5-c (including) |
| Vcenter_server | Vmware | 6.5-d (including) | 6.5-d (including) |
| Vcenter_server | Vmware | 6.5-e (including) | 6.5-e (including) |
| Vcenter_server | Vmware | 6.5-f (including) | 6.5-f (including) |
| Vcenter_server | Vmware | 6.5-update1 (including) | 6.5-update1 (including) |
| Vcenter_server | Vmware | 6.5-update1b (including) | 6.5-update1b (including) |
| Vcenter_server | Vmware | 6.5-update1c (including) | 6.5-update1c (including) |
| Vcenter_server | Vmware | 6.5-update1d (including) | 6.5-update1d (including) |
| Vcenter_server | Vmware | 6.5-update1e (including) | 6.5-update1e (including) |
| Vcenter_server | Vmware | 6.5-update1g (including) | 6.5-update1g (including) |
| Vcenter_server | Vmware | 6.5-update2 (including) | 6.5-update2 (including) |
| Vcenter_server | Vmware | 6.5-update2b (including) | 6.5-update2b (including) |
| Vcenter_server | Vmware | 6.5-update2c (including) | 6.5-update2c (including) |
| Vcenter_server | Vmware | 6.5-update2d (including) | 6.5-update2d (including) |
| Vcenter_server | Vmware | 6.5-update2g (including) | 6.5-update2g (including) |
| Vcenter_server | Vmware | 6.5-update3 (including) | 6.5-update3 (including) |
| Vcenter_server | Vmware | 6.5-update3d (including) | 6.5-update3d (including) |
| Vcenter_server | Vmware | 6.5-update3f (including) | 6.5-update3f (including) |
| Vcenter_server | Vmware | 6.5-update3k (including) | 6.5-update3k (including) |
| Vcenter_server | Vmware | 6.5-update3n (including) | 6.5-update3n (including) |
| Vcenter_server | Vmware | 6.5-update3p (including) | 6.5-update3p (including) |
| Vcenter_server | Vmware | 6.5-update3q (including) | 6.5-update3q (including) |
| Vcenter_server | Vmware | 6.5-update3r (including) | 6.5-update3r (including) |
| Vcenter_server | Vmware | 6.5-update3s (including) | 6.5-update3s (including) |
| Vcenter_server | Vmware | 6.7 (including) | 6.7 (including) |
| Vcenter_server | Vmware | 6.7-a (including) | 6.7-a (including) |
| Vcenter_server | Vmware | 6.7-b (including) | 6.7-b (including) |
| Vcenter_server | Vmware | 6.7-d (including) | 6.7-d (including) |
| Vcenter_server | Vmware | 6.7-update1 (including) | 6.7-update1 (including) |
| Vcenter_server | Vmware | 6.7-update1b (including) | 6.7-update1b (including) |
| Vcenter_server | Vmware | 6.7-update2 (including) | 6.7-update2 (including) |
| Vcenter_server | Vmware | 6.7-update2a (including) | 6.7-update2a (including) |
| Vcenter_server | Vmware | 6.7-update2c (including) | 6.7-update2c (including) |
| Vcenter_server | Vmware | 6.7-update3 (including) | 6.7-update3 (including) |
| Vcenter_server | Vmware | 6.7-update3a (including) | 6.7-update3a (including) |
| Vcenter_server | Vmware | 6.7-update3b (including) | 6.7-update3b (including) |
| Vcenter_server | Vmware | 6.7-update3f (including) | 6.7-update3f (including) |
| Vcenter_server | Vmware | 6.7-update3g (including) | 6.7-update3g (including) |
| Vcenter_server | Vmware | 6.7-update3j (including) | 6.7-update3j (including) |
| Vcenter_server | Vmware | 6.7-update3l (including) | 6.7-update3l (including) |
| Vcenter_server | Vmware | 6.7-update3m (including) | 6.7-update3m (including) |
| Vcenter_server | Vmware | 6.7-update3n (including) | 6.7-update3n (including) |
| Vcenter_server | Vmware | 6.7-update3o (including) | 6.7-update3o (including) |
| Vcenter_server | Vmware | 6.7-update3p (including) | 6.7-update3p (including) |
| Vcenter_server | Vmware | 6.7-update3q (including) | 6.7-update3q (including) |
| Vcenter_server | Vmware | 7.0 (including) | 7.0 (including) |
| Vcenter_server | Vmware | 7.0-a (including) | 7.0-a (including) |
| Vcenter_server | Vmware | 7.0-b (including) | 7.0-b (including) |
| Vcenter_server | Vmware | 7.0-c (including) | 7.0-c (including) |
| Vcenter_server | Vmware | 7.0-d (including) | 7.0-d (including) |
| Vcenter_server | Vmware | 7.0-update1 (including) | 7.0-update1 (including) |
| Vcenter_server | Vmware | 7.0-update1a (including) | 7.0-update1a (including) |
| Vcenter_server | Vmware | 7.0-update1c (including) | 7.0-update1c (including) |
| Vcenter_server | Vmware | 7.0-update1d (including) | 7.0-update1d (including) |
| Vcenter_server | Vmware | 7.0-update2 (including) | 7.0-update2 (including) |
| Vcenter_server | Vmware | 7.0-update2a (including) | 7.0-update2a (including) |
| Vcenter_server | Vmware | 7.0-update2b (including) | 7.0-update2b (including) |
| Vcenter_server | Vmware | 7.0-update2c (including) | 7.0-update2c (including) |
| Vcenter_server | Vmware | 7.0-update2d (including) | 7.0-update2d (including) |
| Vcenter_server | Vmware | 7.0-update3 (including) | 7.0-update3 (including) |
| Vcenter_server | Vmware | 7.0-update3a (including) | 7.0-update3a (including) |
| Vcenter_server | Vmware | 7.0-update3c (including) | 7.0-update3c (including) |
| Vcenter_server | Vmware | 7.0-update3d (including) | 7.0-update3d (including) |
| Vcenter_server | Vmware | 7.0-update3e (including) | 7.0-update3e (including) |