Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) before 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
Most Upvoted Vulmon Research Post
There is no Researcher post for this vulnerability
Would you like to share something about it?
Sign up now to share your knowledge with the
VMware vRealize Operations 830、820、811、810、750
VMware Cloud Foundation 4x、3x
vRealize Suite Lifecycle Manager 8x
On March 31, 2021, VMware officially released the risk notice of vmsa-2021-0004 The vulnerability numbers are cve-2021-21975 and cve-2021-21983 The vulnerability level is high risk and the vulnerability score i
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)
"As easy to stop as it is to comprehend"
What is it?
"Reality Smasher" is an exploit for vRealize leveraging the security issues addressed in VMSA-2021-0004 (CVE-2021-21975, CVE-2021-21983) in addition to a privilege escalation vulnerability discovered during testing