Unauthenticated Appliance Management API in vCenter Server Allows Information Disclosure

Unauthenticated Appliance Management API in vCenter Server Allows Information Disclosure

CVE-2021-22012 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

Learn more about our Cis Benchmark Audit For Server Software.