{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T12:14:39.223","vulnerabilities":[{"cve":{"id":"CVE-2021-22008","sourceIdentifier":"security@vmware.com","published":"2021-09-23T12:15:07.847","lastModified":"2024-11-21T05:49:25.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information."},{"lang":"es","value":"vCenter Server contiene una vulnerabilidad de divulgación de información en el servicio VAPI (vCenter API). Un actor malicioso con acceso de red al puerto 443 en vCenter Server puede explotar este problema mediante el envío de un mensaje json-rpc especialmente diseñado para conseguir acceso a información confidencial"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.0","matchCriteriaId":"5071E0B4-FE4B-4525-BAF6-3900D9C8D48D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*","matchCriteriaId":"23CFE5A5-A166-4FD5-BE97-5F16DAB1EAE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*","matchCriteriaId":"E456F84C-A86E-4EA9-9A3E-BEEA662136E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*","matchCriteriaId":"5FA81CCD-A05E-498C-820E-21980E92132F"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0020.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}