module
VMware vCenter Server Virtual SAN Health Check Plugin RCE
| Disclosed |
|---|
| May 25, 2021 |
Disclosed
May 25, 2021
Description
This module exploits Java unsafe reflection and SSRF in the VMware
vCenter Server Virtual SAN Health Check plugin's ProxygenController
class to execute code as the vsphere-ui user.
See the vendor advisory for affected and patched versions. Tested
against VMware vCenter Server 6.7 Update 3m (Linux appliance).
vCenter Server Virtual SAN Health Check plugin's ProxygenController
class to execute code as the vsphere-ui user.
See the vendor advisory for affected and patched versions. Tested
against VMware vCenter Server 6.7 Update 3m (Linux appliance).
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.