
CVSS: 7.2 | EPSS: 0% | CPEs: 5 | EXPL: 0

The vRealize Operations Manager API (8.x prior to 8.5) has an insecure direct object reference vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API may be able to modify other users' information, leading to an account takeover. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 4.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API can read any file on the server, leading to information disclosure. • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 | EPSS: 97% | CPEs: 27 | EXPL: 6

Server Side Request Forgery (SSRF) in the vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform an SSRF attack to steal administrative credentials. The issue is unauthenticated (network access is the only precondition), is covered by the same advisory (VMSA-2021-0004) as the file write below, and has several public exploits. • https://github.com/GuayoyoCyber/CVE-2021-21975 https://github.com/Al1ex/CVE-2021-21975 https://github.com/murataydemir/CVE-2021-21975 https://github.com/Vulnmachines/VMWare-CVE-2021-21975 https://github.com/dorkerdevil/CVE-2021-21975 http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2021-0004.html https://twitter.com/ptswarm/status/1376961747232382976 https://attackerkb.com/topi • CWE-918: Server-Side Request Forgery (SSRF) •
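The entry above describes the vulnerability class, not the affected endpoint, so what follows is a defensive illustration of CWE-918 rather than anything to do with the vROps code. It is an added example, not code from vRealize Operations Manager or from any of the linked exploit repositories: a Python pre-flight check of the kind that should sit in front of every server-side fetch of a user-supplied URL. It resolves the hostname and refuses the fetch if any resulting address is loopback, private, link-local (which includes 169.254.169.254, the cloud metadata address that credential-stealing SSRF typically targets) or otherwise non-global, and it is shown beside the naive hostname blocklist that misses those cases. The resolver is injectable so the example runs offline; CONSTRUCTED_DNS and the host names in it are invented for this example and map to nothing real.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Invented name->address map so the example runs offline. These names and the
# mapping are constructed for the example and are not real infrastructure.
CONSTRUCTED_DNS = {
    "example.com": {"93.184.216.34"},
    "metadata.internal": {"169.254.169.254"},  # a name that points at the metadata address
    "localhost": {"127.0.0.1", "::1"},
    "dual.test": {"93.184.216.34", "10.0.0.5"},  # one public and one RFC 1918 record
}


def fake_resolve(host):
    """Offline stand-in for DNS: IP literals map to themselves, names use CONSTRUCTED_DNS."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        pass
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed resolver: no such host {host!r}")
    return set(CONSTRUCTED_DNS[host])


def system_resolve(host):
    """Real resolver for production use: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def naive_is_safe_target(url):
    """The check that is NOT enough: a string blocklist on the hostname."""
    host = (urlsplit(url).hostname or "").lower()
    return host not in {"localhost", "127.0.0.1"} and not host.startswith("169.254.")


def is_safe_target(url, resolve=system_resolve):
    """Allow the fetch only if the scheme is http(s), the URL carries no userinfo,
    and EVERY address the host resolves to is globally routable."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # user@host forms are a classic parser-confusion vector
    host = parts.hostname
    if not host:
        return False
    try:
        addresses = resolve(host)
    except OSError:  # socket.gaierror is an OSError subclass
        return False
    if not addresses:
        return False
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        # Unwrap ::ffff:a.b.c.d so an IPv4-mapped loopback is judged as IPv4.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            return False  # loopback, private, link-local, multicast, unspecified, ...
    return True


if __name__ == "__main__":
    for url in ("https://example.com/health", "http://metadata.internal/latest/meta-data/",
                "http://localhost:8080/", "http://dual.test/", "http://[::ffff:127.0.0.1]/"):
        print(f"{url:45s} naive={naive_is_safe_target(url)!s:5s} "
              f"resolved={is_safe_target(url, fake_resolve)}")
```

Two caveats apply to any check of this shape. Validate-then-connect is a time-of-check/time-of-use window (DNS rebinding): connect to the address you validated rather than re-resolving, or repeat the check inside the connection path. And redirects restart the problem, so either disable them for server-side fetches or run the check again on every hop.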

CVSS: 8.5 | EPSS: 0% | CPEs: 27 | EXPL: 2

Arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system. This is the second issue in VMSA-2021-0004; the Packet Storm and Rapid7 references are shared with CVE-2021-21975 above, whose credential theft supplies the authentication this write requires. • https://github.com/murataydemir/CVE-2021-21983 http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2021-0004.html https://twitter.com/ptswarm/status/1376961747232382976 https://attackerkb.com/topics/51Vx3lNI7B/cve-2021-21975#rapid7-analysis •

CVSS: 6.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password (CVE-2020-5414). This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director, and the credential grants administrative privileges to whoever reads it. The same versions of App Autoscaler also log the App Autoscaler Broker password, which older versions of Operations Manager did not redact from logs either. • https://tanzu.vmware.com/security/cve-2020-5414 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
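The App Autoscaler entry is a textbook CWE-532 case: a credential written to a log, redacted by one consumer (Operations Manager) but not by another (the copy BOSH Director users can read). The following is an added example in Python, not code from App Autoscaler, Tanzu Application Service, Operations Manager or BOSH. It shows the two redaction strategies a logger should apply at the point of emission, pattern-based for key=value and Authorization-header forms, and value-based for credentials the process already holds, plus a leak check that also decodes base64 tokens, because a Basic-auth header hides the password from a plain substring search. The sample log lines and the secrets in them are constructed for this example.

```python
import base64
import re

# Constructed sample log lines for this example only; they are NOT real App Autoscaler,
# Operations Manager or BOSH Director output, and the credential values are made up.
KNOWN_SECRETS = ("s3cr3t-Pa55", "br0ker-P@ss")
SAMPLE_LINES = [
    "2020-07-01T10:00:00Z autoscaler starting uaa_admin_password=s3cr3t-Pa55 uaa_url=https://uaa.example.test",
    '2020-07-01T10:00:01Z broker config {"username":"autoscaler-broker","password":"br0ker-P@ss"}',
    "2020-07-01T10:00:02Z outbound request Authorization: Basic "
    + base64.b64encode(b"admin:s3cr3t-Pa55").decode(),
    "2020-07-01T10:00:03Z connecting to uaa as admin with s3cr3t-Pa55",  # no key= prefix at all
    "2020-07-01T10:00:04Z scaled app web-1 to 3 instances",
]

# key=value / "key":"value" forms whose key ends in a credential-like word
_KEY_VALUE = re.compile(
    r"(?i)([A-Za-z0-9_.-]*(?:password|passwd|secret|token|api[_-]?key))"
    r"([\"']?\s*[=:]\s*[\"']?)"
    r"([^\s\"',}]+)"
)
# HTTP auth headers: the value is a credential whatever the key looks like
_AUTH_HEADER = re.compile(r"(?i)(authorization\s*:\s*(?:basic|bearer)\s+)\S+")
# base64-looking tokens, used when checking for encoded leaks
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def redact_by_pattern(line):
    """Structural redaction: catches secrets the logger does not know about."""
    line = _KEY_VALUE.sub(r"\g<1>\g<2>[REDACTED]", line)
    return _AUTH_HEADER.sub(r"\g<1>[REDACTED]", line)


def redact_by_value(line, secrets):
    """Value redaction: the process knows its own credentials, so scrub them verbatim."""
    for s in secrets:
        if s:
            line = line.replace(s, "[REDACTED]")
    return line


def redact_lines(lines, secrets=()):
    """Apply both strategies; neither alone covers every line in SAMPLE_LINES."""
    return [redact_by_value(redact_by_pattern(line), secrets) for line in lines]


def find_leaks(lines, secrets):
    """Indices of lines still carrying a known secret, verbatim or inside a base64 token."""
    leaked = []
    for i, line in enumerate(lines):
        if any(s in line for s in secrets):
            leaked.append(i)
            continue
        for tok in _B64_TOKEN.findall(line):
            try:
                decoded = base64.b64decode(tok, validate=True).decode("utf-8", "replace")
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            if any(s in decoded for s in secrets):
                leaked.append(i)
                break
    return leaked


if __name__ == "__main__":
    print("leaking lines before:", find_leaks(SAMPLE_LINES, KNOWN_SECRETS))
    cleaned = redact_lines(SAMPLE_LINES, KNOWN_SECRETS)
    for line in cleaned:
        print(line)
    print("leaking lines after:", find_leaks(cleaned, KNOWN_SECRETS))
```

The pattern pass alone leaves the fourth line intact (the password appears with no key in front of it), and a substring search alone misses the Basic-auth header, which is why both passes run and why the leak check decodes base64. The placement matters as much as the logic: redacting in the emitting process is what keeps every downstream copy clean, whereas a filter applied in one viewer, as the entry above describes, leaves the other copies exposed.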