79 matches found
CVE-2021-22022
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...
CVE-2021-22026
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
CVE-2021-22023
The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...
CVE-2021-22027
The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...
EUVD-2021-9194
Malicious code in bioql PyPI...
EUVD-2021-9191
Malicious code in bioql PyPI...
EUVD-2021-9192
Malicious code in bioql PyPI...
EUVD-2021-9195
Malicious code in bioql PyPI...
EUVD-2021-9196
Malicious code in bioql PyPI...
EUVD-2021-9193
Malicious code in bioql PyPI...
CVE-2021-21975
Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials...
CVE-2021-22024
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
VMware Aria Operations < 8.6 Hot Fix 11 / 8.10 Hot Fix 9 / 8.12 Hot Fix 5 Privilege Escalation (VMSA-2023-0020)
The version of VMware Aria Operations formerly vRealize Operations running on the remote host is 8.6.x prior to 8.6 Hot Fix 11, 8.10.x prior to 8.10 Hot Fix 9 or 8.12.x prior to 8.12 Hot Fix 5. It is, therefore, affected by a privilege escalation vulnerability. An attacker with administrative...
SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...
SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...
Exploit for CVE-2021-21983
CVE-2021-21975 VMware vRealize Operations vROps Manager API...
VMware vRealize Operations Manager API Server Side Request Forgery (CVE-2021-21975)
A sever-side request forgery vulnerability exists in VMware vRealize Operations Manager. Successful exploitation of this vulnerability could possibly lead to an attacker accessing administrative credentials...