Overview
- Description
- The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.
- Source
- security@vmware.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-918
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5071E0B4-FE4B-4525-BAF6-3900D9C8D48D",
"versionEndExcluding": "5.0",
"versionStartIncluding": "3.0"
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E456F84C-A86E-4EA9-9A3E-BEEA662136E6"
},
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F"
}
],
"operator": "OR"
}
]
}
]