Vulnerabilities > CVE-2021-22017 - Unspecified vulnerability in VMWare Vcenter Server 6.7

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

NVD

Published: 2021-09-23

Updated: 2021-09-27

Summary

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Vcenter Server 6.7	1

References

https://www.vmware.com/security/advisories/VMSA-2021-0020.html