What is the severity of CVE-2021-22005?

CVE-2021-22005 has a CVSS Base Score of 9.8/10 and is classified as Critical severity. It is important to assess the risk based on your specific environment.

How do I fix CVE-2021-22005?

Remediation typically involves updating the affected software products to the latest patched version. Refer to the 'Affected Products' and 'Remediation' sections on this page for specific mitigation steps and vendor advisories.

Home→Vulnerabilities→CVE-2021-22005

Critical Risk Active Exploitation

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Share this vulnerability:

⚠️

Confirmed Active Exploitation

This vulnerability is listed in the CISA KEV Catalog. Federal agencies are mandated to patch immediately. Immediate remediation is required.

🚨

Public Exploit Available

A Proof-of-Concept (PoC) or exploit code for this vulnerability is publicly available. This significantly increases the risk of exploitation.

Exploitation Probability (EPSS)

Critical Priority

94.46%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)