VMware vCenter SDK API Probe for 2026-03-02
Mar 02, 2026
WebExploit
Last Updated: 12:16 UTC
/sdk is the vCenter Managed Object Browser and SOAP API endpoint. CVE-2021-22005 (file upload RCE via analytics service) and CVE-2021-21985 (vSphere Client plugin RCE) both achieve unauthenticated code execution against the vCenter management plane.
CVE References
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
- /sdk/
- /analytics/ceip/sdk/..;/..;/..;/analytics/ph/api/dataapp/agent?_c=vSphere.vapi.6_7&_i=9D36C850-1612-4EC4-B8DD-50BA239...
- /server/sdk/rest/index.html
Attackers by Country
IP Address : ASN : City/Provider
- 198.167.197.162 : AS39287 ab stract : Sweden