vulnerability

vCenter Server SSRF vulnerability (VMSA-2021-0020) (CVE-2021-21993)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 21, 2021

Added

Jan 21, 2022

Modified

Jan 20, 2026

Description

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

Solution

vmware-vcenter-server-upgrade-latest

References

CVE-2021-21993
https://attackerkb.com/topics/CVE-2021-21993
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23611
CWE-918

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report