VMware addresses SSRF, arbitrary file read flaws in vCenter Server

24-Nov-21

VMware has released security updates for vCenter Server after fixing arbitrary file read and serverside request forgery (SSRF) vulnerabilities in the vSphere Web Client (FLEX/Flash).

With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE202121980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

Read More…