A fake CVE.
VMware vCenter Server file upload vulnerability POC
If below command response with anything other than 404, the application is vulnerable:
curl -X POST "http://HOST:PORT/analytics/telemetry/ph/api/hyper/send?_c&_i=test" -d "Test_Workaround" -H "Content-Type: application/json" -v 2>&1 | grep HTTP
POCs for Atlassian Confluence Server Arbitrary File Read:
VMware vCenter Server vSphere Client remote code execution
Attackers can gain root privilege by exploiting CVE-2021-21972. This is an easy to exploit vulnerability. Therefore future exploitation is likely.
Also, this vulnerability exists in all default installations.
Apply workarounds urgently: https://kb.vmware.com/s/article/82374