Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VmwareVrealize Operations Manager

8 matches found

CVE
CVEadded 2021/03/31 6:15 p.m.1129 views

CVE-2021-21975

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

7.5CVSS7.4AI score0.94188EPSS
CVE
CVEadded 2021/03/31 6:15 p.m.313 views

CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

8.5CVSS6.8AI score0.83177EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.65 views

CVE-2021-22025

The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

7.5CVSS7.5AI score0.00189EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.63 views

CVE-2021-22024

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

7.5CVSS7.2AI score0.00324EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.60 views

CVE-2021-22023

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

7.2CVSS7AI score0.00324EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.57 views

CVE-2021-22026

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.003EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.56 views

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.

4.9CVSS5.9AI score0.00214EPSS
CVE
CVEadded 2021/08/30 6:15 p.m.56 views

CVE-2021-22027

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

7.5CVSS7.3AI score0.0027EPSS