CVE-2021-21983
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
Severity Score: 6.5 (CVSS v3.1)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system.
*Credits:
N/A
Timeline
- 2021-01-04 CVE Reserved
- 2021-03-31 CVE Published
- 2022-03-16 First Exploit
- 2024-07-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (5)
URL | Date |
---|---|
https://twitter.com/ptswarm/status/1376961747232382976 | |
https://attackerkb.com/topics/51Vx3lNI7B/cve-2021-21975#rapid7-analysis | |
https://www.vmware.com/security/advisories/VMSA-2021-0004.html | 2021-03-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
VMware | Cloud Foundation | 3.0 | - | Affected |
VMware | Cloud Foundation | 3.0.1 | - | Affected |
VMware | Cloud Foundation | 3.0.1.1 | - | Affected |
VMware | Cloud Foundation | 3.5 | - | Affected |
VMware | Cloud Foundation | 3.5.1 | - | Affected |
VMware | Cloud Foundation | 3.7 | - | Affected |
VMware | Cloud Foundation | 3.7.1 | - | Affected |
VMware | Cloud Foundation | 3.7.2 | - | Affected |
VMware | Cloud Foundation | 3.8 | - | Affected |
VMware | Cloud Foundation | 3.8.1 | - | Affected |
VMware | Cloud Foundation | 3.9 | - | Affected |
VMware | Cloud Foundation | 3.9.1 | - | Affected |
VMware | Cloud Foundation | 3.10 | - | Affected |
VMware | Cloud Foundation | 4.0 | - | Affected |
VMware | Cloud Foundation | 4.0.1 | - | Affected |
VMware | vRealize Operations Manager | 7.0.0 | - | Affected |
VMware | vRealize Operations Manager | 7.5.0 | - | Affected |
VMware | vRealize Operations Manager | 8.0.0 | - | Affected |
VMware | vRealize Operations Manager | 8.0.1 | - | Affected |
VMware | vRealize Operations Manager | 8.1.0 | - | Affected |
VMware | vRealize Operations Manager | 8.1.1 | - | Affected |
VMware | vRealize Operations Manager | 8.2.0 | - | Affected |
VMware | vRealize Operations Manager | 8.3.0 | - | Affected |
VMware | vRealize Suite Lifecycle Manager | 8.0 | - | Affected |
VMware | vRealize Suite Lifecycle Manager | 8.0.1 | - | Affected |
VMware | vRealize Suite Lifecycle Manager | 8.1 | - | Affected |
VMware | vRealize Suite Lifecycle Manager | 8.2 | - | Affected |