cve/2021/CVE-2021-21993.md

### [CVE-2021-21993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21993)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server%2C%20VMware%20Cloud%20Foundation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=SSRF%20vulnerability&color=brighgreen)

### Description

The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.

### POC

#### Reference
- https://www.vmware.com/security/advisories/VMSA-2021-0020.html

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-21993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21993)`
			`![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server%2C%20VMware%20Cloud%20Foundation&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=SSRF%20vulnerability&color=brighgreen)`

			`### Description`

			`The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosure.`

			`### POC`

			`#### Reference`
			`- https://www.vmware.com/security/advisories/VMSA-2021-0020.html`

			`#### Github`
			`No PoCs found on GitHub currently.`