Lucene search

K
attackerkbAttackerKBAKB:DA3A63D5-4ECE-465D-8289-BD8119F15E95
HistoryMar 31, 2021 - 12:00 a.m.

CVE-2021-21975

2021-03-3100:00:00
attackerkb.com
60

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.968 High

EPSS

Percentile

99.6%

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Recent assessments:

wvu-r7 at March 31, 2021 10:35pm UTC reported:

Please see the Rapid7 analysis or CVE-2021-21983’s assessment.

Update: According to GreyNoise, attackers are scanning for CVE-2021-21975.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.968 High

EPSS

Percentile

99.6%