diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml
new file mode 100644
index 0000000000..788aed0526
--- /dev/null
+++ b/cves/2021/CVE-2021-21972.yaml
@@ -0,0 +1,28 @@
+id: CVE-2021-21972
+
+info:
+  name: VMware vCenter Unauthorized RCE
+  author: dwisiswant0
+  severity: critical
+  reference: https://swarm.ptsecurity.com/unauth-rce-vmware/
+  description: The vulnerability allows unauthenticated remote attackers to upload file leading to remote code execution (RCE). This templates only detects the plugin.
+  tags: cve,cve2021,vmware,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ui/vropspluginui/rest/services/getstatus"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "VSPHERE-UI-JSESSIONID"
+        part: header
+        condtion: and
+      - type: regex
+        regex:
+          - "(Install|Config) Final Progress"
+        part: body