CVE-2021-21975
published 2021-03-31CVE-2021-21975: Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-02-01
Exploited in the wild
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | cloud_foundation | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_operations_manager | — | — |
| vmware | vrealize_suite_lifecycle_manager | — | — |
| vmware | vrealize_suite_lifecycle_manager | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH