https://www.vmware.com/security/advisories/VMSA-2021-0020.html

The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3q. It is, therefore, affected  by multiple vulnerabilities:

    - A privilege escalation vulnerability exists in vCenter Server due to the way it handles session tokens.       An authenticated, local attacker can exploit this to gain unauthorized access to the system.       (CVE-2021-21991, CVE-2021-22015)

    - An rhttproxy bypass vulnerability exists in vCenter Server due to improper implementation of URI       normalization. An unauthenticated, remote attacker can exploit this to gain access to internal       endpoints. (CVE-2021-22017)


Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number. Nessus has also not tested for the presence of a workaround.

The version of VMware vCenter Server installed on the remote host is 7.0 prior to 7.0 U2c. It is, therefore, affected  by multiple vulnerabilities:

    - An arbitrary file upload vulnerability exists in the analytics service of vSphere Server. An       unauthenticated, remote attacker can exploit this to upload arbitrary files on the remote host       and execute code using a specially crafted file. (CVE-2021-22005)

    - A privilege escalation vulnerability exists in vCenter Server due to the way it handles session tokens.       An authenticated, local attacker can exploit this to gain unauthorized access to the system.       (CVE-2021-21991, CVE-2021-22015)

    - A reverse proxy bypass vulnerability exists in vCenter Server due to the way the endpoints handle the URI.       An unauthenticated, remote attacker can exploit this to gain unauthorized access to restricted endpoints.
      (CVE-2021-22006) 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number. Nessus has also not tested for the presence of a workaround.

The version of VMware vCenter Server installed on the remote host is 6.7 prior to 6.7 U3o. It is, therefore, affected by multiple vulnerabilities:

    - A privilege escalation vulnerability exists in vCenter Server due to the way it handles session tokens.       An authenticated, local attacker can exploit this to gain unauthorized access to the system.       (CVE-2021-21991, CVE-2021-22015)

    - A reverse proxy bypass vulnerability exists in vCenter Server due to the way the endpoints handle the URI.       An unauthenticated, remote attacker can exploit this to gain unauthorized access to restricted endpoints.
      (CVE-2021-22006) 

    - An rhttproxy bypass vulnerability exists in vCenter Server due to improper implementation of URI       normalization. An unauthenticated, remote attacker can exploit this to gain access to internal       endpoints. (CVE-2021-22017)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number. Nessus has also not tested for the presence of a workaround.

ID	Name	Product	Family	Severity
153547	VMware vCenter Server < 6.5 U3q Multiple Vulnerabilities (VMSA-2021-0020)	Nessus	Misc.	high
153545	VMware vCenter Server < 7.0 U2c Multiple Vulnerabilities (VMSA-2021-0020)	Nessus	Misc.	high
153544	VMware vCenter Server < 6.7 Multiple Vulnerabilities (VMSA-2021-0020)	Nessus	Misc.	high

CVE-2021-22015

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high