Published: 31/03/2021 Updated: 05/04/2021
CVSS v2 Base Score: 8.5 | Impact Score: 9.2 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Vulnerability Summary

An arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) before 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system.

Vulnerable Products

vmware vrealize operations manager 7.0.0

vmware vrealize operations manager 7.5.0

vmware vrealize operations manager 8.0.0

vmware vrealize operations manager 8.0.1

vmware vrealize operations manager 8.1.0

vmware vrealize operations manager 8.1.1

vmware vrealize operations manager 8.2.0

vmware vrealize operations manager 8.3.0

vmware cloud foundation 3.0

vmware cloud foundation 3.0.1

vmware cloud foundation

vmware cloud foundation 3.5

vmware cloud foundation 3.5.1

vmware cloud foundation 3.7

vmware cloud foundation 3.7.1

vmware cloud foundation 3.7.2

vmware cloud foundation 3.8

vmware cloud foundation 3.8.1

vmware cloud foundation 3.9

vmware cloud foundation 3.9.1

vmware cloud foundation 3.10

vmware cloud foundation 4.0

vmware cloud foundation 4.0.1

vmware vrealize suite lifecycle manager 8.0

vmware vrealize suite lifecycle manager 8.0.1

vmware vrealize suite lifecycle manager 8.1

vmware vrealize suite lifecycle manager 8.2

Github Repositories

Impacted Products: VMware vRealize Operations 8.3.0, 8.2.0, 8.1.1, 8.1.0, 7.5.0; VMware Cloud Foundation 4.x, 3.x; vRealize Suite Lifecycle Manager 8.x. Description: On March 31, 2021, VMware officially released the risk notice of VMSA-2021-0004. The vulnerability numbers are CVE-2021-21975 and CVE-2021-21983. The vulnerability level is high risk and the vulnerability score i

REALITY_SMASHER: vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????). "As easy to stop as it is to comprehend." What is it? "Reality Smasher" is an exploit for vRealize leveraging the security issues addressed in VMSA-2021-0004 (CVE-2021-21975, CVE-2021-21983) in addition to a privilege escalation vulnerability discovered during testing. Ho