CVE-2021-21973
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
CVSS
—
No CVSS
EPSS
88.0%
p100
KEV
YES
Mar 7, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
88.0%EPSS · 30 days88.0%
2026-06-302026-07-16
Product
VMware / vCenter Server and Cloud Foundation
Vulnerability
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
Added to KEV
Mar 7, 2022
Remediate by
Mar 21, 2022
Known ransomware use
No
Summary description
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-21973
No related CVEs by CWE or product.