VMware vCenter Server: CVE-2021-22048 (VMSA-2021-0025)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Nov 10, 2021 | Jan 20, 2026 | Jan 20, 2026 |
Description
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.
Solution
vmware-vcenter-server-upgrade-latest
References
- CVE-2021-22048
- https://attackerkb.com/topics/CVE-2021-22048
- http://packetstormsecurity.com/files/167733/VMware-Security-Advisory-2022-0025.2.html
- http://packetstormsecurity.com/files/167795/VMware-Security-Advisory-2021-0025.3.html
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23625