CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31672
https://notcve.org/view.php?id=CVE-2022-31672
09 Aug 2022 — VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. VMware vRealize Operations contiene una vulnerabilidad de escalada de privilegios. Un actor malicioso con acceso administrativo a la red puede escalar los privilegios a root • https://www.vmware.com/security/advisories/VMSA-2022-0022.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22034
https://notcve.org/view.php?id=CVE-2021-22034
21 Oct 2021 — Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. Las versiones anteriores a VMware vRealize Operations Tenant App versión 8.6, contienen una vulnerabilidad de Divulgación de Información • https://www.vmware.com/security/advisories/VMSA-2021-0024.html •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22033
https://notcve.org/view.php?id=CVE-2021-22033
13 Oct 2021 — Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Las versiones anteriores a VMware vRealize Operations versión 8.6, contienen una vulnerabilidad de tipo Server Side Request Forgery (SSRF) • https://www.vmware.com/security/advisories/VMSA-2021-0021.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22025
https://notcve.org/view.php?id=CVE-2021-22025
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. La API de vRealize Operations Manager (versiones 8.x anteriores a 8.5) contiene una vulnerabilidad de control de acceso rota, conllevando a un acceso no autenticado a la API. Un actor malicioso no autenticado con acceso a la red de ... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22027
https://notcve.org/view.php?id=CVE-2021-22027
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. La API de vRealize Operations Manager (versiones 8.x anteriores a 8.5) contiene una falsificación de petición del lado del servidor en un endpoint. Un actor malicioso no autenticado con acceso a la red a la API de vRealize ... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22026
https://notcve.org/view.php?id=CVE-2021-22026
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. La API de vRealize Operations Manager (versiones 8.x anteriores a 8.5) contiene una vulnerabilidad de tipo Server Side Request Forgery en un endpoint. Un actor malicioso no autenticado con acceso a la red de la API de vReal... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22024
https://notcve.org/view.php?id=CVE-2021-22024
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. La API de vRealize Operations Manager (versiones 8.x anteriores a 8.5) contiene una vulnerabilidad de lectura arbitraria de archivos de registro. Un actor malicioso no autenticado con acceso a la red de la API de vRealize Operations Manager pu... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22023
https://notcve.org/view.php?id=CVE-2021-22023
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover. La API de vRealize Operations Manager (versiones 8.x anteriores a 8.5) presenta una vulnerabilidad de referencia a objetos inseguros. Un actor malicioso con acceso administrativo a la API de vRealize Operations Manager puede ser capaz de modificar la inf... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22022
https://notcve.org/view.php?id=CVE-2021-22022
30 Aug 2021 — The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. La API de vRealize Operations Manager ( versiones 8.x anteriores a 8.5), contiene una vulnerabilidad de lectura arbitraria de archivos. Un actor malicioso con acceso administrativo a la API de vRealize Operations Manager puede leer cualquier archivo arbitra... • https://www.vmware.com/security/advisories/VMSA-2021-0018.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 94%CPEs: 27EXPL: 10CVE-2021-21975 – VMware Server Side Request Forgery in vRealize Operations Manager API
https://notcve.org/view.php?id=CVE-2021-21975
31 Mar 2021 — Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. una vulnerabilidad de Server Side Request Forgery en la API vRealize Operations Manager (CVE-2021-21975) anterior a la versión 8.4, puede permitir que un actor malicioso con acceso de red a la API vRealize Operations Manager pueda realizar un ata... • https://packetstorm.news/files/id/162349 • CWE-918: Server-Side Request Forgery (SSRF) •