
295 matches found

Cvelist
added 2021/08/30 5:53 p.m. | 19 views

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

AI score: 7 | EPSS: 0.00999
Exploits: 1 | References: 1

CVE
added 2021/08/30 5:53 p.m. | 73 views

CVE-2021-22022

Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...

CVSS: 4.9 | AI score: 5.9 | EPSS: 0.01134
Exploits: 0 | References: 1 | Affected Software: 3

Cvelist
added 2021/08/30 5:53 p.m. | 21 views

CVE-2021-22022

The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...

AI score: 5.2 | EPSS: 0.01134
Exploits: 0 | References: 1

Tenable Nessus
added 2021/08/27 12:0 a.m. | 37 views

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0018)

The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.18528913, 8.0.0 prior to 8.0.1.18442173, or 8.1.0 prior to 8.1.1.18442224 or 8.2.0 prior to 8.2.0.18439239 or 8.3.0 prior to 8.3.0.18439213 or 8.4.0 prior to 8.4.0.18456797. It is,...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0116
Exploits: 1 | References: 7

The Hacker News
added 2021/08/26 7:40 a.m. | 51 views

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6 affect VMware...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0116
Exploits: 1

CNNVD
added 2021/08/25 12:0 a.m. | 4 views

VMware vRealize Operations Authorization Issue Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. An authorization issue vulnerability exists in VMware vRealize Operations that stems from the...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00809
Exploits: 0 | References: 3

CNNVD
added 2021/08/25 12:0 a.m. | 3 views

VMware vRealize Operations Code Issue Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A code issue vulnerability exists in VMware vRealize Operations that stems from the product...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.0116
Exploits: 0 | References: 3

NCSC
added 2021/08/25 12:0 a.m. | 5 views

Vulnerabilities fixed in VMware vRealize

VMware has fixed vulnerabilities in vRealize. A malicious person with access to the vRealize Operations Manager API could potentially exploit the vulnerabilities to obtain sensitive data via accessing log files and arbitrary files, possibly taking over a user...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0116
Exploits: 1

CNNVD
added 2021/08/25 12:0 a.m. | 4 views

VMware vRealize Operations Log Information Disclosure Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A log information disclosure vulnerability exists in VMware vRealize Operations Manager that...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01038
Exploits: 0 | References: 3

CNNVD
added 2021/08/25 12:0 a.m. | 5 views

VMware vRealize Operations Path Traversal Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A path traversal vulnerability exists in VMware vRealize Operations Manager that stems from the...

CVSS: 4.9 | AI score: 5.7 | EPSS: 0.01134
Exploits: 0 | References: 3

CNNVD
added 2021/08/25 12:0 a.m. | 6 views

VMware vRealize Operations Code Issue Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A code issue vulnerability exists in VMware vRealize Operations that stems from the product...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01128
Exploits: 0 | References: 3

CNNVD
added 2021/08/25 12:0 a.m. | 4 views

VMware vRealize Operations Code Issue Vulnerability

VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. A code issue vulnerability exists in VMware vRealize Operations Manager that stems from an unsaf...

CVSS: 7.2 | AI score: 7.4 | EPSS: 0.00999
Exploits: 1 | References: 3

VMware
added 2021/08/22 12:0 a.m. | 53 views

VMSA-2021-0018: VMware vRealize Operations updates address multiple security vulnerabilities

Advisory ID: VMSA-2021-0018
CVSSv3 Range: 4.4 - 8.6
Issue Date: 2021-08-24
Updated On: 2021-08-24 (Initial Advisory)
CVEs: CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027
Synopsis: VMware vRealize Operations updates address multiple security...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0116
Exploits: 1 | References: 45 | Affected Software: 3

VulnCheck KEV
added 2021/06/01 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-21975

Server Side Request Forgery SSRF in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.78435
Exploits: 10 | References: 1

Rapid7 Blog
added 2021/04/30 5:42 p.m. | 105 views

Metasploit Wrap-Up

Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...

CVSS: 9 | AI score: 1.3 | EPSS: 0.99217
Exploits: 24

Metasploit
added 2021/04/27 5:41 p.m. | 47 views

VMware vRealize Operations (vROps) Manager SSRF RCE

This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.78435
Exploits: 12

0day.today
added 2021/04/27 12:0 a.m. | 129 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution Exploit

This Metasploit module exploits a pre-auth server-side request forgery CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.78435
Exploits: 12

Packet Storm
added 2021/04/27 12:0 a.m. | 915 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...

CVSS: 8.5 | AI score: 0.8 | EPSS: 0.78435
Exploits: 12

GithubExploit
added 2021/04/10 12:36 p.m. | 136 views

Exploit for Server-Side Request Forgery in Vmware Cloud_Foundation

VMWare-CVE-2021-21975 VMWare-CVE-2021-21975 SSRF vulnerabil...

CVSS: 7.5 | AI score: 8 | EPSS: 0.78435
Exploits: 10

The Hacker News
added 2021/04/07 8:3 a.m. | 117 views

Critical Auth Bypass Bug Found in VMware Data Center Security Product

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the produ...

CVSS: 9.1 | AI score: 1.1 | EPSS: 0.78435
Exploits: 12