The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash) may exploit this issue to create a denial-of-service condition on the vCenter Server host.
2021-09-22T19:15:09.733
2024-11-21T05:49:23.987
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:C
8.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | cloud_foundation | < 3.10.2.2 | Yes |
| Application | vmware | cloud_foundation | < 4.3 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.5 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 6.7 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |
| Application | vmware | vcenter_server | 7.0 | Yes |