PatchSiren cyber security CVE debrief
CVE-2021-21973 VMware CVE debrief
CVE-2021-21973 is a VMware vCenter Server and Cloud Foundation server-side request forgery (SSRF) vulnerability that CISA lists in the Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is not just that the issue exists, but that it is considered known exploited and should be treated as a high-priority patching item. CISA’s KEV entry directs organizations to apply updates per vendor instructions.
- Vendor: VMware
- Product: vCenter Server and Cloud Foundation
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-03-07
- Original CVE updated: 2022-03-07
- Advisory published: 2022-03-07
- Advisory updated: 2022-03-07
Who should care
Organizations running VMware vCenter Server or VMware Cloud Foundation, especially teams responsible for virtualization platforms, infrastructure management, and vulnerability remediation. Security operations and patch management teams should prioritize this CVE because CISA has identified it as known exploited.
Technical summary
The supplied official records identify the issue as a server-side request forgery (SSRF) vulnerability in VMware vCenter Server and Cloud Foundation. The CISA KEV record confirms it is a known exploited vulnerability and points defenders to vendor updates as the required remediation path. No additional technical details, affected versions, or exploit mechanics are provided in the supplied corpus.
Defensive priority
Critical priority for patching and exposure review because CISA lists the CVE as known exploited. Remediation should be treated as urgent, with the vendor update path followed as soon as possible.
Recommended defensive actions
- Apply the vendor-recommended updates for VMware vCenter Server and Cloud Foundation.
- Review asset inventory to confirm where VMware vCenter Server and Cloud Foundation are deployed.
- Prioritize internet-exposed or broadly accessible management systems for immediate remediation.
- Validate patch status and document completion for KEV reporting and internal tracking.
- Monitor for any vendor follow-on guidance or advisories tied to this CVE.
Evidence notes
The official evidence corpus includes the CVE record, NVD detail page, and CISA’s Known Exploited Vulnerabilities catalog. CISA’s KEV metadata lists VMware vCenter Server and Cloud Foundation, identifies the vulnerability as SSRF, marks it as known exploited, and specifies the required action: apply updates per vendor instructions. The published and KEV-added date in the supplied timeline is 2022-03-07, with a due date of 2022-03-21.
Official resources
- CVE-2021-21973 CVE record (CVE.org)
- CVE-2021-21973 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA - Apply updates per vendor instructions.)
- Source item URL: cisa_kev
CVE-2021-21973 was published on 2022-03-07 in the supplied timeline and was added to CISA’s Known Exploited Vulnerabilities catalog the same day, with remediation due by 2022-03-21.