CVE-2021-21984
published 2021-05-07CVE-2021-21984: VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.98%
78.1th percentile
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vrealize_business_for_cloud | >= 7.0 < 7.6.0 | 7.6.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is exploitable by any unauthenticated actor with network access, targeting an unauthorised/exposed endpoint in vRealize Business for Cloud Virtual Appliance. Detection should focus on unexpected or unauthenticated HTTP requests to sensitive API endpoints on vRealize Business for Cloud (versions 7.x prior to 7.6.0). ↗
- →Flag network-accessible vRealize Business for Cloud appliances running versions prior to 7.6.0 as unpatched and at critical risk (CVSSv3 9.8). Prioritize detection of RCE attempts against these appliances from untrusted network segments. ↗
- ·Only VMware vRealize Business for Cloud versions 7.x prior to 7.6.0 are affected. Version 7.6.0 and later are patched and not vulnerable. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware vRealize Business for Cloud updates address a remote code execution vulnerability (CVE-2021-21984)
vendor_vmware·2021-05-05·CVSS 9.8
CVE-2021-21984 [CRITICAL] VMware vRealize Business for Cloud updates address a remote code execution vulnerability (CVE-2021-21984)
VMSA-2021-0007: VMware vRealize Business for Cloud updates address a remote code execution vulnerability (CVE-2021-21984)
VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorised end point. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs: CVE-2021-21984
Affected products: VMware Aria, VMware vRealize
GHSA
GHSA-cq88-rgr6-q7vm: VMware vRealize Business for Cloud 7
ghsa_unreviewed·2022-05-24
CVE-2021-21984 [CRITICAL] CWE-77 GHSA-cq88-rgr6-q7vm: VMware vRealize Business for Cloud 7
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-05-07
Published