{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T12:39:03.475","vulnerabilities":[{"cve":{"id":"CVE-2021-21972","sourceIdentifier":"security@vmware.com","published":"2021-02-24T17:15:15.833","lastModified":"2025-10-30T20:06:27.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."},{"lang":"es","value":"El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server.&#xa0;Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server.&#xa0;Esto afecta a VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2021-11-17","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"VMware vCenter Server Remote Code Execution Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.10.1.2","matchCriteriaId":"1995769A-1AB9-47FA-966A-8E82D414161E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.2","matchCriteriaId":"A608D809-6E65-4228-9207-CB470529C542"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*","matchCriteriaId":"23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*","matchCriteriaId":"CF7DDB0C-3C07-4B5E-8B8A-0542FEE72877"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*","matchCriteriaId":"1DD16169-A7DF-4604-888C-156A60018E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*","matchCriteriaId":"46FC9F34-C8FA-4AFE-9F4A-7CF9516BD4D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*","matchCriteriaId":"D26534EB-327B-4ED6-A3E1-005552CB1F9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*","matchCriteriaId":"786CDD50-7E18-4437-8DB9-2D0ADECD436E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*","matchCriteriaId":"B2CE8DAE-0E78-4004-983D-1ECD8855EC33"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*","matchCriteriaId":"F72A1E9C-F960-4E8C-A46C-B38209E6349E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*","matchCriteriaId":"2C33CE46-F529-4EA9-9344-6ED3BFA7019D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*","matchCriteriaId":"9F1D8161-0E02-45C9-BF61-14799AB65E03"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*","matchCriteriaId":"1F2CB1FF-6118-4875-945D-07BAA3A21FFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*","matchCriteriaId":"1AEDA28A-5C8E-4E95-A377-3BE530DBEAB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*","matchCriteriaId":"BDDC6510-3116-4578-80C8-8EF044A8370A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*","matchCriteriaId":"8678DB48-CB98-4E4C-ADE6-CABA73265FEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*","matchCriteriaId":"DBD9A341-1FBF-4E04-848B-550DEB27261A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*","matchCriteriaId":"4955663C-1BB6-4F3E-9D4B-362DF144B7F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*","matchCriteriaId":"CE0F8453-3D6C-4F1C-9167-3F02E3D905DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*","matchCriteriaId":"0EAD4045-A7F9-464F-ABB9-3782941162CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*","matchCriteriaId":"2F0A79C2-33AE-40C5-A853-770A4C691F29"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*","matchCriteriaId":"E456F84C-A86E-4EA9-9A3E-BEEA662136E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*","matchCriteriaId":"5241C282-A02B-44B2-B6CA-BA3A99F9737C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*","matchCriteriaId":"04A60AC7-C2EA-4DBF-9743-54D708584AFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*","matchCriteriaId":"8A91B0C4-F184-459E-AFD3-DE0E351CC964"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*","matchCriteriaId":"23253631-2655-48A8-9B00-CB984232329C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*","matchCriteriaId":"50C2A9A8-0E66-4702-BCD4-74622108E7A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*","matchCriteriaId":"EE4D3E2A-C32D-408F-B811-EF8BC86F0D34"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*","matchCriteriaId":"31CA7802-D78D-4BAD-A45A-68B601C010C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*","matchCriteriaId":"3B98981B-4721-4752-BAB4-361DB5AEB86F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*","matchCriteriaId":"04487105-980A-4943-9360-4442BF0411E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*","matchCriteriaId":"24D24E06-EB3F-4F11-849B-E66757B01466"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*","matchCriteriaId":"8AF12716-88E2-44B5-ACD7-BCBECA130FB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*","matchCriteriaId":"3352212C-E820-47B3-BDF5-57018F5B9E81"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*","matchCriteriaId":"6436ADFD-6B94-4D2A-B09B-CED4EC6CA276"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*","matchCriteriaId":"D06832CE-F946-469D-B495-6735F18D02A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*","matchCriteriaId":"5FA81CCD-A05E-498C-820E-21980E92132F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*","matchCriteriaId":"0EE83406-A3D9-4F75-A1A6-63831CEBEEC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*","matchCriteriaId":"FB563627-C9CF-4D8A-B882-9AB65EAE9E15"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*","matchCriteriaId":"DCA03B2A-48B2-48AD-B8EB-9D7BB2016819"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*","matchCriteriaId":"A2392D0F-D7A2-4E01-9212-1BA6C895AEBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*","matchCriteriaId":"6D731C1A-9FE5-461C-97E2-6F45E4CBABE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*","matchCriteriaId":"8725E544-2A94-4829-A683-1ECCE57A74A6"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html","source":"security@vmware.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html","source":"security@vmware.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html","source":"security@vmware.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0002.html","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21972","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}