Advisory Type: IT Security

Severity: Critical

Summary: PDS is providing the following communication to build awareness of a critical vulnerability and patch availability affecting VMware vCenter Server.

On September 21, 2021, VMware posted advisory VMSA-2021-0020 disclosing 19 vulnerabilities in VMware vCenter Server versions 6.5, 6.7, and 7.0. They fall into the following types:

  • arbitrary file upload
  • local privilege escalation
  • reverse proxy bypass
  • unauthenticated API endpoint
  • file path traversal
  • reflected cross-site scripting (XSS)
  • rhttpproxy bypass
  • authenticated code execution
  • arbitrary file deletion
  • XML parsing denial-of-service
  • local information disclosure
  • denial of service
  • VAPI multiple denial of service
  • VPXD multiple denial of service
  • Server-Side Request Forgery (SSRF)

Updates are available for the three listed versions to resolve these vulnerabilities.

We strongly advise customers to review the VMware advisory and patching information. PDS Architects are available to assist with the updates; your Account Director can assist in arranging support for this issue.