漏洞描述
VMware vCenter Server 提供了一个可伸缩,可扩展的平台,为虚拟化管理基础平台。VMware vCenter Server (以前称为VMware VirtualCenter),可集中管理 VMware vSphere 环境,与其他管理平台相比,极大地提高了 IT 管理员对虚拟环境的控制。在vCenter Web 服务的特定路径下,存在一个未经校验的外部可控参数,可直接传入任意文件路径并返回具体文件内容。
Vmware Vcenter任意文件读取漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC vmware-vcenter-lfi: VMware vCenter - Local File Inclusion
- POC vmware-vcenter-log4j-jndi-rce-temp: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-provider-logo-ssrf: Vmware VCenter - Arbitrary File Read
- POC vmware-vcenter-lfi-linux: Linux Vmware Vcenter - Local File Inclusion
- POC vmware-vcenter-lfi: VMware vCenter - Local File Inclusion
- POC vmware-vcenter-log4j-rce: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-ssrf: VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting
- POC CVE-2020-3952: VMware vCenter Server LDAP Broken Access Control
- POC CVE-2023-34048: VMware vCenter Server - Out-of-Bounds Write
- POC vmware-detect: Vmware Vcenter - Build Version
- VMware vCenter Server /ui/vcav-bootstrap/rest/vcav-providers/provider-logo 文件读取漏洞(CVE-2021-21986)