News

Vulnerabilities and Exposures for VMware vCenter Server (CVE-2021-21985, CVE-2021-21986)


Thank you for using the Enterprise Cloud (ECL) service.

Vulnerabilities (CVE-2021-21985, CVE-2021-21986) have been found in VMware vCenter Server, which VMware provides and which is offered in the Hypervisor menu for SDPF/ECL. This notice describes the fix and the workaround.

Vulnerability information

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Affected Menu

CVE | Affected Menu
CVE-2021-21985, CVE-2021-21986 | Dedicated Hypervisor Guest Image

  • vCenter-Server_6.5_u1e_Standard_not-include-lisence_vSphere-ESXi_001
  • vCenter-Server-Appliance_6.7_u3b_Standard_not-include-license_vSphere-ESXi_001

Countermeasure

Please upgrade to the fixed version or apply the workaround.

How to deal with CVE-2021-21985 and CVE-2021-21986

Workaround

Solution

  • Please apply the patch to vCenter Server. The patch for each version is available at the following sites.
    * A VMware account is required. If you cannot download the patch, please contact us by opening a ticket.
Minor Version | Fixed Version | URL
vCenter Server 6.7 | 6.7 U3n | https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3n-release-notes.html
vCenter Server 6.5 | 6.5 U3p | https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3p-release-notes.html

 

Thank you.