
Service Advisory - VMware Security Advisory (VMSA-2021-0020)



Service Advisory


Please share the following information with your teams.


VMware published a new critical security advisory (VMSA-2021-0020) to address multiple vulnerabilities in vCenter Server (versions 6.5, 6.7 and 7) and Cloud Foundation (versions 3.x and 4.x). Exploitation of some of these vulnerabilities could lead to privilege escalation, remote code execution, access to restricted endpoints or to the manipulation of VM network settings.


Severity level 

CVSS Score: 4.3 - 9.8



The most urgent among the 19 vulnerabilities is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005). A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.


Affected Versions

VMware vCenter Server (versions 6.5, 6.7 and 7.0), VMware Cloud Foundation (vCenter Server - versions 3.x and 4.x).



An attacker could exploit these vulnerabilities to take control of an affected device.



VMware products need to be updated, or the mitigation measures should be applied, in line with the VMware Advisory.





UIT Client Services at or 416 736 5800


This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3
