Lucene search
K
VmwareVrealize Operations Manager

8 matches found

CVE
CVE
added 2021/03/31 5:51 p.m.1189 views

CVE-2021-21975

CVE-2021-21975 (vROps SSRF) affects VMware vRealize Operations Manager API prior to 8.4. An attacker with network access can abuse SSRF via /casa/nodes/thumbprints to read internal resources and steal administrative credentials; when combined with CVE-2021-21983 (post-auth file write) this chain ...

7.5CVSS7.4AI score0.7829EPSS
In wild
CVE
CVE
added 2021/03/31 5:50 p.m.372 views

CVE-2021-21983

CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...

8.5CVSS6.8AI score0.68557EPSS
In wild
CVE
CVE
added 2021/08/30 5:53 p.m.76 views

CVE-2021-22024

CVE-2021-22024 is an arbitrary log-file read vulnerability in the vRealize Operations Manager API (affecting 8.x prior to 8.5). An unauthenticated attacker with network access to the API can read arbitrary log files, exposing sensitive data. The issue is part of a set of vulnerabilities (CVE-2021...

7.5CVSS7.2AI score0.01038EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.75 views

CVE-2021-22025

CVE-2021-22025 pertains to VMware vRealize Operations Manager API, where a broken access control vulnerability allows an unauthenticated attacker to add new nodes to a vROps cluster. The issue affects multiple 8.x releases prior to 8.5, with the highest impact in 8.4.x/8.3.x/8.2.x/8.1.x/8.0.x/7.5...

7.5CVSS7.5AI score0.00809EPSS
CVE
CVE
added 2021/08/30 5:53 p.m.74 views

CVE-2021-22022

Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...

4.9CVSS5.9AI score0.01134EPSS
CVE
CVE
added 2021/08/30 5:53 p.m.72 views

CVE-2021-22023

CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...

7.2CVSS7AI score0.00999EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.72 views

CVE-2021-22027

Summary of CVE-2021-22027 : The vRealize Operations Manager API contains a Server Side Request Forgery vulnerability in multiple endpoints that can be exploited by an unauthenticated attacker with network access to disclose information. This is associated with CVE-2021-22027 and is addressed in V...

7.5CVSS7.3AI score0.0116EPSS
CVE
CVE
added 2021/08/30 5:54 p.m.71 views

CVE-2021-22026

The SSRF issue CVE-2021-22026 affects VMware vRealize Operations Manager API (versions 8.x before 8.5). The vulnerability allows an unauthenticated actor with network access to perform server-side requests, leading to information disclosure. VMware’s advisory (VMSA-2021-0018) details the affected...

7.5CVSS7.3AI score0.01128EPSS