Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2021-0004.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Feb 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Vmware vrealize Operations Manager
|
|
CPE | cpe:2.3:a:vmare:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:* |
cpe:2.3:a:vmware:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:* |
05 May 2021, 14:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
27 Apr 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Apr 2021, 17:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 8.5
v3 : 6.5 |
CPE | cpe:2.3:a:vmare:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmare:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://www.vmware.com/security/advisories/VMSA-2021-0004.html - Vendor Advisory |
31 Mar 2021, 19:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-31 18:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-21983
Mitre link : CVE-2021-21983
CVE.ORG link : CVE-2021-21983
JSON object : View
Products Affected
vmware
- cloud_foundation
- vrealize_suite_lifecycle_manager
- vrealize_operations_manager
CWE