CVE-2021-21975

2021-03-31T00:00:00
ID AKB:DA3A63D5-4ECE-465D-8289-BD8119F15E95
Type attackerkb
Reporter AttackerKB
Modified 2021-06-05T00:00:00

Description

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Recent assessments:

wvu-r7 at March 31, 2021 10:35pm UTC reported:

Please see the Rapid7 analysis or CVE-2021-21983’s assessment.

Update: According to GreyNoise, attackers are scanning for CVE-2021-21975.

Assessed Attacker Value: 5
Assessed Attacker Value: 5