{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T06:11:08.490","vulnerabilities":[{"cve":{"id":"CVE-2021-21993","sourceIdentifier":"security@vmware.com","published":"2021-09-23T12:15:07.600","lastModified":"2024-11-21T05:49:24.113","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure."},{"lang":"es","value":"vCenter Server contiene una vulnerabilidad de tipo SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en la biblioteca de contenidos del servidor vCenter. Un usuario autorizado con acceso a la biblioteca de contenidos puede explotar este problema mediante el envío de una petición POST a vCenter Server conllevando a una divulgación de información"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.0","matchCriteriaId":"5071E0B4-FE4B-4525-BAF6-3900D9C8D48D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*","matchCriteriaId":"23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*","matchCriteriaId":"E456F84C-A86E-4EA9-9A3E-BEEA662136E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*","matchCriteriaId":"5FA81CCD-A05E-498C-820E-21980E92132F"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0020.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}