869 matches found
CVE-2021-22026
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2021-22024
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...
Information disclosure
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...
Server side request forgery (ssrf)
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
Improper access control
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
Deserialization of untrusted data
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
Information disclosure
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...
CVE-2021-22025
CVE-2021-22025 pertains to VMware vRealize Operations Manager API, where a broken access control vulnerability allows an unauthenticated attacker to add new nodes to a vROps cluster. The issue affects multiple 8.x releases prior to 8.5, with the highest impact in 8.4.x/8.3.x/8.2.x/8.1.x/8.0.x/7.5...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2021-22026
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2021-22027
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2021-22027
Summary of CVE-2021-22027 : The vRealize Operations Manager API contains a Server Side Request Forgery vulnerability in multiple endpoints that can be exploited by an unauthenticated attacker with network access to disclose information. This is associated with CVE-2021-22027 and is addressed in V...
CVE-2021-22026
The SSRF issue CVE-2021-22026 affects VMware vRealize Operations Manager API (versions 8.x before 8.5). The vulnerability allows an unauthenticated actor with network access to perform server-side requests, leading to information disclosure. VMware’s advisory (VMSA-2021-0018) details the affected...
CVE-2021-22024
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...
CVE-2021-22024
CVE-2021-22024 is an arbitrary log-file read vulnerability in the vRealize Operations Manager API (affecting 8.x prior to 8.5). An unauthenticated attacker with network access to the API can read arbitrary log files, exposing sensitive data. The issue is part of a set of vulnerabilities (CVE-2021...
CVE-2021-22023
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
CVE-2021-22023
CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...
CVE-2021-22022
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...
CVE-2021-22022
Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...
Vulnerabilities fixed in VMware vRealize
VMware has fixed vulnerabilities in vRealize. A malicious person with access to the vRealize Operations Manager API could potentially exploit the vulnerabilities potentially exploit them to obtain sensitive data via accessing log files and arbitrary files, potentially possibly taking over a user...