8 matches found
CVE-2021-21975
CVE-2021-21975 (vROps SSRF) affects VMware vRealize Operations Manager API prior to 8.4. An attacker with network access can abuse SSRF via /casa/nodes/thumbprints to read internal resources and steal administrative credentials; when combined with CVE-2021-21983 (post-auth file write) this chain ...
CVE-2021-21983
CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...
CVE-2021-22024
CVE-2021-22024 is an arbitrary log-file read vulnerability in the vRealize Operations Manager API (affecting 8.x prior to 8.5). An unauthenticated attacker with network access to the API can read arbitrary log files, exposing sensitive data. The issue is part of a set of vulnerabilities (CVE-2021...
CVE-2021-22025
CVE-2021-22025 pertains to VMware vRealize Operations Manager API, where a broken access control vulnerability allows an unauthenticated attacker to add new nodes to a vROps cluster. The issue affects multiple 8.x releases prior to 8.5, with the highest impact in 8.4.x/8.3.x/8.2.x/8.1.x/8.0.x/7.5...
CVE-2021-22022
Summary (CVE-2021-22022) : VMware vRealize Operations Manager API (versions 8.x before 8.5) contains an arbitrary file read vulnerability. An attacker with administrative access to the vROps API can read arbitrary files on the server, causing information disclosure. The issue is tied to the vROps...
CVE-2021-22023
CVE-2021-22023 affects VMware vRealize Operations Manager API (8.x) before 8.5. The vulnerability is an insecure direct object reference that could allow a user with administrative API access to modify other users’ information, potentially enabling account takeover. The available connected source...
CVE-2021-22027
Summary of CVE-2021-22027 : The vRealize Operations Manager API contains a Server Side Request Forgery vulnerability in multiple endpoints that can be exploited by an unauthenticated attacker with network access to disclose information. This is associated with CVE-2021-22027 and is addressed in V...
CVE-2021-22026
The SSRF issue CVE-2021-22026 affects VMware vRealize Operations Manager API (versions 8.x before 8.5). The vulnerability allows an unauthenticated actor with network access to perform server-side requests, leading to information disclosure. VMware’s advisory (VMSA-2021-0018) details the affected...