HTTP: VMware vCenter Server vROPs Plugin Server Side Request Forgery
This signature detects attempts to exploit a known vulnerability against VMware vSphere. A successful attack can lead to sensitive information disclosure.
Extended Description
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Affected Products
Vmware vcenter_server
References
CVE: CVE-2021-21973
Short Name
HTTP:CTS:VMWARE-VCNTR-PLGN-SSRF
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-21973 Forgery Plugin Request Server Side VMware vCenter vROPs
Release Date
01/22/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3671
False Positive
Unknown
Vendors
Vmware