module
VMware vCenter Server Virtual SAN Health Check Plugin RCE
| Disclosed |
|---|
| May 25, 2021 |
Disclosed
May 25, 2021
Description
This module exploits Java unsafe reflection and SSRF in the VMware
vCenter Server Virtual SAN Health Check plugin's ProxygenController
class to execute code as the vsphere-ui user.
See the vendor advisory for affected and patched versions. Tested
against VMware vCenter Server 6.7 Update 3m (Linux appliance).
vCenter Server Virtual SAN Health Check plugin's ProxygenController
class to execute code as the vsphere-ui user.
See the vendor advisory for affected and patched versions. Tested
against VMware vCenter Server 6.7 Update 3m (Linux appliance).
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.