Lucene search
K

295 matches found

ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.86 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. Recent assessments: wvu-r7 at Mar...

8.5CVSS6.9AI score0.7829EPSS
In wildExploits12References3
ATTACKERKB
ATTACKERKB
added 2021/03/31 12:0 a.m.64 views

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. Recent...

8.5CVSS6.9AI score0.7829EPSS
In wildExploits12References3
NCSC
NCSC
added 2021/03/31 12:0 a.m.3 views

Vulnerabilities fixed in VMware vRealize Operations

VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2021/03/31 12:0 a.m.118 views

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)

The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...

8.5CVSS7.6AI score0.7829EPSS
Exploits12References3
VMware
VMware
added 2021/03/30 12:0 a.m.50 views

VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)

3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...

8.5CVSS7.1AI score0.7829EPSS
Exploits12References11Affected Software3
VMware
VMware
added 2021/03/30 12:0 a.m.38 views

VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)

1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...

8.5CVSS0.9AI score0.7829EPSS
Exploits12References12Affected Software3
VMware
VMware
added 2021/03/28 12:0 a.m.10 views

VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities

Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983 RSS Feed...

8.5CVSS7.2AI score0.7829EPSS
Exploits12References45Affected Software3
NCSC
NCSC
added 2021/03/01 12:0 a.m.2 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...

9.8CVSS7.2AI score0.92312EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.5 views

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, related to writing beyond the buffer boundaries, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the monitoring tool for the vRealize Operations virtual infrastructure is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.4AI score0.01386EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.6 views

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

10CVSS8.1AI score0.02331EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.8 views

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the monitoring tool for the vRealize Operations virtual infrastructure is related to authentication errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

8.6CVSS7.6AI score0.01489EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2020/05/12 12:0 a.m.259 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...

7.5CVSS0.9AI score0.96405EPSS
Exploits25
0day.today
0day.today
added 2020/05/12 12:0 a.m.108 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations...

9.8CVSS0.9AI score0.96405EPSS
Exploits25
Metasploit
Metasploit
added 2020/05/11 5:5 p.m.79 views

SaltStack Salt Master Server Root Key Disclosure

This module exploits unauthenticated access to the prepauthinfo method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations...

9.8CVSS8.5AI score0.96405EPSS
Exploits25
Metasploit
Metasploit
added 2020/05/11 5:5 p.m.75 views

SaltStack Salt Master/Minion Unauthenticated RCE

This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...

9.8CVSS9AI score0.96405EPSS
Exploits25
CISA
CISA
added 2020/05/11 12:0 a.m.12 views

VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager

VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager vROps. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

7.1AI score
Exploits0References1
VMware
VMware
added 2020/05/08 12:0 a.m.159 views

vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)

3. vRealize Operations Application Remote Collector ARC addresses Authentication Bypass CVE-2020-11651 and Directory Traversal CVE-2020-11652 vulnerabilities. The Application Remote Collector ARC introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and...

7.5CVSS8.4AI score0.96405EPSS
Exploits25References8Affected Software1
VMware
VMware
added 2020/04/26 12:0 a.m.12 views

VMSA-2020-0009:vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities

Advisory ID: VMSA-2020-0009.1 CVSSv3 Range: 7.5-10.0 Issue Date:2020-05-08 Updated On: 2020-05-15 Initial Advisory CVEs: CVE-2020-11651, CVE-2020-11652 Synopsis: vRealize Operations Application Remote Collector ARC addresses Authentication Bypass and Directory Traversal vulnerabilities...

9.8CVSS7.7AI score0.96405EPSS
Exploits25References17Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/02/28 12:0 a.m.31 views

VMware vRealize Operations for Horizon Adapter Multiple Vulnerabilities (VMSA-2020-0003) (disabled)

Due to a deteciton issue this plugin has been temporarily disabled. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 05/19/2020. Temporarly disabled to address detection issues. include'compat.inc'; if description scriptid134163; scriptversion"1.3";...

9.8CVSS8.1AI score0.02331EPSS
Exploits0References4
CNVD
CNVD
added 2020/02/24 12:0 a.m.1 views

vRealize Operations for Horizon Adapter Information Disclosure Vulnerability

VMware vRealize Operations is operations management software that spans physical, virtual, and cloud environments and supports network environments based on vSphere, Hyper-V, or Amazon Web Services. An information disclosure vulnerability exists in vRealize Operations for Horizon Adapter versions...

7.5CVSS6.1AI score0.01386EPSS
Exploits0References1
Rows per page
Query Builder