| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-21973 | VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | primary_impact | T1046 | Network Service Discovery |
Comments
This vulnerability is exploited through an SSRF (Server Side Request Forgery) flaw in the vSphere Client (HTML5) of VMware's vCenter Server, affecting the vCenter Server plugin. Attackers leverage this vulnerability to gain unauthorized access by sending a crafted POST request to the vCenter Server plugin, thereby bypassing URL validation. This manipulation enables the disclosure of sensitive information. By exploiting this flaw, attackers can scan the company's internal network and retrieve specifics about open ports and services.
References
|
| CVE-2021-21973 | VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited through an SSRF (Server Side Request Forgery) flaw in the vSphere Client (HTML5) of VMware's vCenter Server, affecting the vCenter Server plugin. Attackers leverage this vulnerability to gain unauthorized access by sending a crafted POST request to the vCenter Server plugin, thereby bypassing URL validation. This manipulation enables the disclosure of sensitive information. By exploiting this flaw, attackers can scan the company's internal network and retrieve specifics about open ports and services.
References
|