18 matches found
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
Metasploit Wrap-Up
Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...
VMware vRealize Operations (vROps) Manager SSRF RCE
This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution Exploit
This Metasploit module exploits a pre-auth server-side request forgery CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...
URL Directory Traversal Over HTTP Traffic (CVE-2021-21983)
URL Directory Traversal Over HTTP Traffic...
Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation
REALITYSMASHER vRealize RCE + Privesc CVE-2021-21975, CVE-20...
Arbitrary file deletion
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
CVE-2021-21983
CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...
VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)
Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...
VMware vRealize Operations Manager 任意文件写入漏洞(CVE-2021-21983)
...
VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)
The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. Recent...
CVE-2021-21983
creationtimestamp| type| source ---|---|--- 2021-03-30 19:05:12+00:00| seen| https://t.me/ptswarm/18 2021-04-27 14:28:29+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmwarevropsmgrssrfrce.rb 2022-06-01 02:32:51+00:00|...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...
VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities
Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983 RSS Feed...