NVD disclosure day

Published threat advisories for February 24, 2021

CVE-2021-21973

VMware vCenter Server Information Disclosure Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in VMware vCenter Server and Cloud Foundation allows unauthorized access to sensitive information through improper URL validation. This poses a risk of information disclosure to affected organizations.

NVD published: February 24, 2021 • CISA KEV

CVE advisoryKnown Exploit

CVE-2021-21972

VMware vCenter Server Plugin Remote Code Execution.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in VMware vCenter Server's vSphere Client allows unauthorized network access to execute commands with unrestricted privileges. This impacts organizations using affected versions, posing a risk to operating systems and data.

NVD published: February 24, 2021 • CISA KEV