Lucene search
+L

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.12 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials...

7.5CVSS6.8AI score0.7829EPSS
Exploits10References1
Check Point Advisories
Check Point Advisories
added 2022/02/23 12:0 a.m.15 views

VMware vRealize Operations Manager API Server Side Request Forgery (CVE-2021-21975)

A sever-side request forgery vulnerability exists in VMware vRealize Operations Manager. Successful exploitation of this vulnerability could possibly lead to an attacker accessing administrative credentials...

5CVSS4.2AI score0.7829EPSS
Exploits10
Rapid7 Blog
Rapid7 Blog
added 2021/04/30 5:42 p.m.107 views

Metasploit Wrap-Up

Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...

9CVSS1.3AI score0.99301EPSS
Exploits25
Metasploit
Metasploit
added 2021/04/27 5:41 p.m.48 views

VMware vRealize Operations (vROps) Manager SSRF RCE

This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
0day.today
0day.today
added 2021/04/27 12:0 a.m.136 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution Exploit

This Metasploit module exploits a pre-auth server-side request forgery CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983...

7.5CVSS0.2AI score0.7829EPSS
Exploits12
Packet Storm
Packet Storm
added 2021/04/27 12:0 a.m.926 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...

8.5CVSS0.8AI score0.7829EPSS
Exploits12
GithubExploit
GithubExploit
added 2021/04/06 11:24 p.m.138 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

REALITYSMASHER vRealize RCE + Privesc CVE-2021-21975, CVE-20...

8.5CVSS7.8AI score0.7829EPSS
Exploits12
GithubExploit
GithubExploit
added 2021/04/02 9:14 p.m.95 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

CVE-2021-21975 VMware vRealize Operations Manager API Server S...

8.5CVSS7.7AI score0.7829EPSS
Exploits12
Prion
Prion
added 2021/03/31 6:15 p.m.33 views

Server side request forgery (ssrf)

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials...

5CVSS7.4AI score0.7829EPSS
Exploits10References2Affected Software3
Vulnrichment
Vulnrichment
added 2021/03/31 5:51 p.m.7 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials...

7.5AI score0.7829EPSS
Exploits10References2
Cvelist
Cvelist
added 2021/03/31 5:51 p.m.27 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials...

7.7AI score0.7829EPSS
Exploits10References2
CVE
CVE
added 2021/03/31 5:51 p.m.1191 views

CVE-2021-21975

CVE-2021-21975 (vROps SSRF) affects VMware vRealize Operations Manager API prior to 8.4. An attacker with network access can abuse SSRF via /casa/nodes/thumbprints to read internal resources and steal administrative credentials; when combined with CVE-2021-21983 (post-auth file write) this chain ...

7.5CVSS7.4AI score0.7829EPSS
In wildExploits10References3Affected Software3
GithubExploit
GithubExploit
added 2021/03/31 1:33 p.m.133 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

CVE-2021-21975 SSRF-POC - ssrf to cred leak First configur...

7.5CVSS7.8AI score0.7829EPSS
Exploits10
seebug.org
seebug.org
added 2021/03/31 12:0 a.m.108 views

VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)

Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...

8.5CVSS8.1AI score0.7829EPSS
Exploits12
ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.93 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. Recent assessments: wvu-r7 at Mar...

8.5CVSS6.9AI score0.7829EPSS
In wildExploits12References3
Tenable Nessus
Tenable Nessus
added 2021/03/31 12:0 a.m.120 views

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)

The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...

8.5CVSS7.6AI score0.7829EPSS
Exploits12References3
Circl
Circl
added 2021/03/30 7:5 p.m.22 views

CVE-2021-21975

creationtimestamp| type| source ---|---|--- 2021-03-30 19:05:12+00:00| seen| https://t.me/ptswarm/18 2021-03-31 09:59:09+00:00| seen| https://t.me/truesecator/1577 2021-03-31 14:23:13+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/66 2021-04-02 11:01:09+00:00|...

7.5CVSS7.2AI score0.7829EPSS
In wildExploits10References17
VMware
VMware
added 2021/03/30 12:0 a.m.40 views

VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)

1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...

8.5CVSS0.9AI score0.7829EPSS
Exploits12References12Affected Software3
VMware
VMware
added 2021/03/30 12:0 a.m.51 views

VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)

3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...

8.5CVSS7.1AI score0.7829EPSS
Exploits12References11Affected Software3
VMware
VMware
added 2021/03/28 12:0 a.m.11 views

VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities

Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983 RSS Feed...

8.5CVSS7.2AI score0.7829EPSS
Exploits12References45Affected Software3
Rows per page
Query Builder