VMware vCenter ↗
Summary iPlain-English security verdict for VMware vCenter, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
VMware vCenter currently scores 85/100 — good. 11 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2021-22005) — staying on the latest supported version keeps you clear of them. The latest supported release is 9.1.0.0. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for VMware vCenter each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
⚠ 3 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2021-22005 CRITICAL ● exploited ⚠ ransomware Path traversal EPSS 94% → see advisory CVE-2021-21985 CRITICAL ● exploited ⚠ ransomware Server-side request forgery (SSRF) EPSS 94% → see advisory CVE-2020-3952 CRITICAL ● exploited Missing authentication EPSS 94% → see advisory CVE-2021-21972 CRITICAL ● exploited ⚠ ransomware Path traversal EPSS 94% → see advisory CVE-2023-34048 CRITICAL ● exploited Out-of-bounds write EPSS 93% → see advisory CVE-2021-21973 MEDIUM ● exploited Server-side request forgery (SSRF) EPSS 90% → see advisory CVE-2024-37079 CRITICAL ● exploited Out-of-bounds write EPSS 82% → see advisory CVE-2024-38812 CRITICAL ● exploited CWE-122 EPSS 78% → see advisory CVE-2021-22017 MEDIUM ● exploited EPSS 75% → see advisory CVE-2024-38813 HIGH ● exploited CWE-250 EPSS 30% → see advisory CVE-2022-22948 MEDIUM ● exploited CWE-276 EPSS 26% → see advisory CVE-2015-2342 HIGH EPSS 92% → see advisoryVersions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each VMware vCenter release line is supported — and when it sunsets.
ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping