News

Vulnerabilities and Exposures for VMware vCenter Server (19 vulnerabilities including CVE-2021-22005)


Thank you for using the Enterprise Cloud (ECL) service.

Vulnerabilities (19 in total, including CVE-2021-22005) have been found in VMware vCenter Server, which is supplied by VMware and offered in the Hypervisor menu of ECL2.0. This notice describes the fix and the workaround.

Vulnerability information

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Affected Menu

CVE: CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020

Affected Menu: Dedicated Hypervisor Guest Image

  • vCenter-Server_6.5_u1e_Standard_not-include-lisence_vSphere-ESXi_001
  • vCenter-Server-Appliance_6.7_u3b_Standard_not-include-license_vSphere-ESXi_001

Countermeasure

Please upgrade to the fixed version or apply the workaround.

How to deal with CVE-2021-22005

Workaround

The affected XML files need to be changed.
For more information, please refer to Workaround Instructions for CVE-2021-22005 (85717) (vmware.com).

Solution

Please apply the patch to vCenter Server. The patch for each version is available at the sites listed below.

* A VMware account is required. If you cannot download the patch, please contact us by ticket.

| Minor Version | Fixed Version | URL |
| --- | --- | --- |
| vCenter Server 6.7 | 6.7 U3o | https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3o-release-notes.html |
| vCenter Server 6.5 | 6.5 U3q | https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3q-release-notes.html |

 

Thank you.