5
CVSSv2

CVE-2021-21975

Published: 31/03/2021 Updated: 05/04/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) before 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmare vrealize operations manager 7.0.0

vmare vrealize operations manager 7.5.0

vmare vrealize operations manager 8.0.0

vmare vrealize operations manager 8.0.1

vmare vrealize operations manager 8.1.0

vmare vrealize operations manager 8.1.1

vmare vrealize operations manager 8.2.0

vmare vrealize operations manager 8.3.0

vmware cloud foundation 3.0

vmware cloud foundation 3.0.1

vmware cloud foundation 3.0.1.1

vmware cloud foundation 3.5

vmware cloud foundation 3.5.1

vmware cloud foundation 3.7

vmware cloud foundation 3.7.1

vmware cloud foundation 3.7.2

vmware cloud foundation 3.8

vmware cloud foundation 3.8.1

vmware cloud foundation 3.9

vmware cloud foundation 3.9.1

vmware cloud foundation 3.10

vmware cloud foundation 4.0

vmware cloud foundation 4.0.1

vmware vrealize suite lifecycle manager 8.0

vmware vrealize suite lifecycle manager 8.0.1

vmware vrealize suite lifecycle manager 8.1

vmware vrealize suite lifecycle manager 8.2

Github Repositories

CVE-2021-21975 [CVE-2021-21975] VMware vRealize Operations Manager API Server Side Request Forgery (SSRF)

CVE-2021-21975 Nmap script to check vulnerability CVE-2021-21975

VMWare-vRealize-SSRF VMWare vRealize SSRF-CVE-2021-21975 #USE python CVE-2021-21975py

CVE2021-21975 VMware vRealize SSRF Exploit Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 84 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials Installation git clone githubcom/CyberCommands/CVE2021-2197

0x00 exp_hub 漏洞复现 0x01 注 该项目仅供合法的渗透测试以及爱好者参考学习,请各位遵守《中华人民共和国网络安全法》以及相应地方的法律,禁止使用该项目进行违法操作,否则自行承担相关责任! 0x02 VMware CVE-2021-21975 VMware vRealize Operations Manager SSRF漏洞

Impacted Products VMware vRealize Operations 830、820、811、810、750 VMware Cloud Foundation 4x、3x vRealize Suite Lifecycle Manager 8x Description On March 31, 2021, VMware officially released the risk notice of vmsa-2021-0004 The vulnerability numbers are cve-2021-21975 and cve-2021-21983 The vulnerability level is high risk and the vulnerability score i

CVE-2021-21975_VMware_SSRF 声明:请勿用于违法行为,否则后果自负! python CVE_2021_21975_VMware_SSRFpy -h Version:VMware vRealize Operations 830、820、811、810、801、800、750 Version:VMware Cloud Foundation 4x,3x Version:vRealize Suite Lifecycle Manager 8x github:githubcom/l

CVE-2021-21975 Nmap script to check vulnerability CVE-2021-21975

REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend" What is it? "Reality Smasher" is an exploit for vRealize leveraging the security issues addressed in VMSA-2021-0004 (CVE-2021-21975, CVE-2021-21983) in addition to a privilege escalation vulnerability discovered during testing Ho