The Suite REST API in VMware vRealize Operations (aka vROps) 6.x prior to 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vrealize operations 6.2.1 |
||
vmware vrealize operations 6.3.0 |
||
vmware vrealize operations 6.1.0 |
||
vmware vrealize operations 6.2.0a |
||
vmware vrealize operations 6.0.0 |