Skip to main content

Cloud Foundation CVE-2021-22007

MEDIUM
2021-09-23 security@vmware.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 23, 2021 - 12:15 nvd
MEDIUM 5.5

DescriptionNVD

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.

AnalysisAI

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information. Affected products include: Vmware Cloud Foundation, Vmware Vcenter Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-22224 CRITICAL
9.3 Mar 04

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrator

CVE-2025-22225 HIGH
8.2 Mar 04

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes,

CVE-2026-22719 HIGH
8.1 Feb 25

VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated

CVE-2025-22226 HIGH
7.1 Mar 04

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi

CVE-2022-22954 CRITICAL POC
9.8 Apr 11

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa

CVE-2021-22005 CRITICAL POC
9.8 Sep 23

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CV

CVE-2021-21985 CRITICAL POC
9.8 May 26

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual

CVE-2021-21972 CRITICAL POC
9.8 Feb 24

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical sev

CVE-2024-37081 HIGH POC
7.8 Jun 18

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated h

CVE-2022-22960 HIGH POC
7.8 Apr 13

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t

CVE-2021-22015 HIGH POC
7.8 Sep 23

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and

CVE-2021-21975 HIGH POC
7.5 Mar 31

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor

Share

CVE-2021-22007 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy