Vulnerability CVE-2021-21983


Published: 2021-03-31

Description:
An arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system.

See advisories in our WLB2 database:
High
Topic: VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
Author: wvu
Date: 30.04.2021

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:C)

CVSS Base Score: 8.5/10
Impact Subscore: 9.2/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: Complete
Availability impact: Complete

Affected software:
Vmware -> Cloud foundation
Vmware -> Vrealize suite lifecycle manager
Vmware -> Vrealize operations manager

References:
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

Copyright 2024, cxsecurity.com

 
