CVE-2021-21972
Vendor and product: VMware vSphere Client
This bug, existing within a vCenter Server plugin, is a remote code execution flaw that allows malicious actors with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVE-2021-21972 was reported to VMware on Feb. 23, 2021 along with two others (CVE-2021-21973, CVE-2021-21974) that impact EXSi and the vSphere Client, respectively.
Return To Article