CVE-2021-22017
VMware vCenter Server Improper Access Control
CVSS
—
No CVSS
EPSS
47.6%
p99
KEV
YES
Jan 10, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
46.7%EPSS · 30 days47.6%
2026-06-302026-07-16
Product
VMware / vCenter Server
Vulnerability
VMware vCenter Server Improper Access Control
Added to KEV
Jan 10, 2022
Remediate by
Jan 24, 2022
Known ransomware use
No
Summary description
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-22017
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-21985—100.0%
KEV—80VMware vCenter Server Improper Input Validation Vulnerability—CVE-2021-22005—100.0%
KEV—80VMware vCenter Server File Upload Vulnerability—CVE-2023-34048—99.9%
KEV—80VMware vCenter Server Out-of-Bounds Write Vulnerability—CVE-2021-21972—99.9%
KEV—80VMware vCenter Server Remote Code Execution Vulnerability—CVE-2020-3952—99.8%
KEV—80VMware vCenter Server Information Disclosure Vulnerability—CVE-2024-38812—98.9%
KEV—80VMware vCenter Server Heap-Based Buffer Overflow Vulnerability—