VMware vSphere Client 漏洞列表
共找到 4 个与 VMware vSphere Client 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution POC
默认启用的 vROps 插件(com.vmware.vropspluginui.mvc)ServicesController 类的 uploadova 接口存在未授权访问,可利用路径穿越将文件解压至特定目录实现 getshell。 FOFA: app="vmware-vCenter" -
CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution POC
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. -
CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution POC
VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). -
CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution POC
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.