VMware released updates to plug two loopholes in vCenter Server and Cloud Foundation that can be exploited to obtain sensitive information.
The acute vulnerability relates to an arbitrary file in the vSphere Web Client. The bug, labelled as CVE-2021-21980, has been rated 7.5 out of 10 (maximum) on the CVSS scoring system and impacts vCenter Server versions 6.5 and 6.7.
“A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information,” the company noted in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the VMware flaw.
The second loophole is based on SSRF in the Virtual storage area network (vSAN) Web Client plug-in. The loophole can lead to an attack by accessing an internal service or a URL request outside of the server. However, the attacker must have network access port 443 on the vCenter Server.
The company reported that magic zero from SGLAB of Legends at Qi’anxin Group had discovered and flagged the flaw.
The news describes an SSRF attack as, “ a kind of web security vulnerability that enables an adversary to read or modify internal resources that the target server has access to by sending specially crafted HTTP requests, resulting in the unauthorized exposure of information.”