{"cve_id":"CVE-2021-22005","summary":"The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.94457,"ranking_epss":0.99993,"kev":true,"propose_action":"VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.","ransomware_campaign":"Known","references":["http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html","https://www.vmware.com/security/advisories/VMSA-2021-0020.html","http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html","https://www.vmware.com/security/advisories/VMSA-2021-0020.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005"],"published_time":"2021-09-23T12:15:07","cpes":["cpe:2.3:a:vmware:cloud_foundation:3.0","cpe:2.3:a:vmware:cloud_foundation:3.0.1","cpe:2.3:a:vmware:cloud_foundation:3.0.1.1","cpe:2.3:a:vmware:cloud_foundation:3.10","cpe:2.3:a:vmware:cloud_foundation:3.10.1","cpe:2.3:a:vmware:cloud_foundation:3.10.1.1","cpe:2.3:a:vmware:cloud_foundation:3.10.1.2","cpe:2.3:a:vmware:cloud_foundation:3.10.2","cpe:2.3:a:vmware:cloud_foundation:3.10.2.1","cpe:2.3:a:vmware:cloud_foundation:3.10.2.2","cpe:2.3:a:vmware:cloud_foundation:3.11","cpe:2.3:a:vmware:cloud_foundation:3.11.0.1","cpe:2.3:a:vmware:cloud_foundation:3.5","cpe:2.3:a:vmware:cloud_foundation:3.5.1","cpe:2.3:a:vmware:cloud_foundation:3.7","cpe:2.3:a:vmware:cloud_foundation:3.7.1","cpe:2.3:a:vmware:cloud_foundation:3.7.2","cpe:2.3:a:vmware:cloud_foundation:3.8","cpe:2.3:a:vmware:cloud_foundation:3.8.1","cpe:2.3:a:vmware:cloud_foundation:3.9","cpe:2.3:a:vmware:cloud_foundation:3.9.1","cpe:2.3:a:vmware:cloud_foundation:4.0","cpe:2.3:a:vmware:cloud_foundation:4.0.1","cpe:2.3:a:vmware:cloud_foundation:4.1","cpe:2.3:a:vmware:cloud_foundation:4.1.0.1","cpe:2.3:a:vmware:cloud_foundation:4.2","cpe:2.3:a:vmware:cloud_foundation:4.2.1","cpe:2.3:a:vmware:cloud_foundation:4.3","cpe:2.3:a:vmware:cloud_foundation:4.3.1","cpe:2.3:a:vmware:cloud_foundation:4.3.11","cpe:2.3:a:vmware:cloud_foundation:4.4","cpe:2.3:a:vmware:cloud_foundation:4.4.1","cpe:2.3:a:vmware:cloud_foundation:4.4.1.1","cpe:2.3:a:vmware:cloud_foundation:4.5","cpe:2.3:a:vmware:cloud_foundation:4.5.1","cpe:2.3:a:vmware:cloud_foundation:4.5.2","cpe:2.3:a:vmware:vcenter_server:6.5","cpe:2.3:a:vmware:vcenter_server:6.7","cpe:2.3:a:vmware:vcenter_server:7.0"]}