{
	"id": "97406fb9-d265-4e1f-bffa-5f2c4b4eaee9",
	"created_at": "2026-04-06T03:37:20.886318Z",
	"updated_at": "2026-04-10T03:22:03.429602Z",
	"deleted_at": null,
	"sha1_hash": "9e3eda5f5f9d84f235e41600806b0f832ccf99b5",
	"title": "Code-execution flaw in VMware has a severity rating of 9.8 out of 10",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37117,
	"plain_text": "Code-execution flaw in VMware has a severity rating of 9.8 out of\r\n10\r\nBy Dan Goodin\r\nPublished: 2021-02-25 · Archived: 2026-04-06 03:31:39 UTC\r\nHackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution\r\nvulnerability that has a severity rating of 9.8 out of a possible 10.\r\nCVE-2021-21972, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter\r\nserver, an application for Windows or Linux that administrators use to enable and manage virtualization of large\r\nnetworks. Within a day of VMware issuing a patch, proof-of-concept exploits appeared from at least six different\r\nsources. The severity of the vulnerability, combined with the availability of working exploits for both Windows\r\nand Linux machines, sent hackers scrambling to actively find vulnerable servers.\r\n“We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers\r\n(https://vmware.com/security/advisories/VMSA-2021-0002.html),” researcher Troy Mursch of Bad Packets wrote.\r\nMursch said that the BinaryEdge search engine found almost 15,000 vCenter servers exposed to the Internet,\r\nwhile Shodan searches revealed about 6,700. The mass scanning is aiming to identify servers that have not yet\r\ninstalled the patch, which VMware released on Tuesday.\r\nUnfettered code execution, no authorization required\r\nCVE-2021-21972 allows hacker with no authorization to upload files to vulnerable vCenter servers that are\r\npublicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in\r\nhackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability\r\nstems from a lack of authentication in the vRealize Operations plugin, which is installed by default.\r\nThe flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version\r\n3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately\r\nreported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical\r\nvulnerability in the Citrix Application Delivery Controller.\r\nSource: https://arstechnica.com/information-technology/2021/02/armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerabilit\r\ny/\r\nhttps://arstechnica.com/information-technology/2021/02/armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerability/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://arstechnica.com/information-technology/2021/02/armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerability/"
	],
	"report_names": [
		"armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerability"
	],
	"threat_actors": [],
	"ts_created_at": 1775446640,
	"ts_updated_at": 1775791323,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9e3eda5f5f9d84f235e41600806b0f832ccf99b5.pdf",
		"text": "https://archive.orkl.eu/9e3eda5f5f9d84f235e41600806b0f832ccf99b5.txt",
		"img": "https://archive.orkl.eu/9e3eda5f5f9d84f235e41600806b0f832ccf99b5.jpg"
	}
}