295 matches found
CVE-2021-21975
Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. Recent assessments: wvu-r7 at Mar...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. Recent...
Vulnerabilities fixed in VMware vRealize Operations
VMware has fixed two vulnerabilities in vRealize Operations, vRealize Suite Lifecycle Manager and Cloud Foundation. A unauthenticated malicious party can exploit the vulnerability with attribute CVE-2021-21975 to gain access to authentication credentials of administrators. The vulnerability with...
VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)
The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities
Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983 RSS Feed...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Bypassing authentication Bypassing security measur...
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, related to writing beyond the buffer boundaries, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the monitoring tool for the vRealize Operations virtual infrastructure is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the monitoring tool for the vRealize Operations virtual infrastructure is related to authentication errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations...
SaltStack Salt Master Server Root Key Disclosure
This module exploits unauthenticated access to the prepauthinfo method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations...
SaltStack Salt Master/Minion Unauthenticated RCE
This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...
VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager
VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager vROps. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities (CVE-2020-11651, CVE-2020-11652)
3. vRealize Operations Application Remote Collector ARC addresses Authentication Bypass CVE-2020-11651 and Directory Traversal CVE-2020-11652 vulnerabilities. The Application Remote Collector ARC introduced with vRealize Operations 7.5 utilizes Salt which is affected by CVE-2020-11651 and...
VMSA-2020-0009:vRealize Operations Application Remote Collector (ARC) addresses Authentication Bypass and Directory Traversal vulnerabilities
Advisory ID: VMSA-2020-0009.1 CVSSv3 Range: 7.5-10.0 Issue Date:2020-05-08 Updated On: 2020-05-15 Initial Advisory CVEs: CVE-2020-11651, CVE-2020-11652 Synopsis: vRealize Operations Application Remote Collector ARC addresses Authentication Bypass and Directory Traversal vulnerabilities...
VMware vRealize Operations for Horizon Adapter Multiple Vulnerabilities (VMSA-2020-0003) (disabled)
Due to a deteciton issue this plugin has been temporarily disabled. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 05/19/2020. Temporarly disabled to address detection issues. include'compat.inc'; if description scriptid134163; scriptversion"1.3";...
vRealize Operations for Horizon Adapter Information Disclosure Vulnerability
VMware vRealize Operations is operations management software that spans physical, virtual, and cloud environments and supports network environments based on vSphere, Hyper-V, or Amazon Web Services. An information disclosure vulnerability exists in vRealize Operations for Horizon Adapter versions...