CVE-2021-21972
- VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 On 2021-02-24 ✔
- vCenter 6.5 Linux/Window Waiting For Test
- vCenter 6.7 Linux/Window Waiting For Test
- vCenter 7.0 Linux/Window Waiting For Test
- 漏洞为任意文件上传
- 存在问题的接口为
/ui/vropspluginui/rest/services/uploadova,完整路径(https://domain.com/ui/vropspluginui/rest/services/uploadova) - 仓库内的
payload文件夹内的tar文件为默认冰蝎3 webshell
- 仅供安全研究