CVE-2021-22033

Severity
2.7 LOW
EPSS
0.2%
top 63.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 13
Latest update: May 24

Description

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages (4 packages)

NVD | vmware/vrealize_operations | 7.0.0 | 8.6.0
CVEListV5 | vmware_vrealize_operations | Releases prior to VMware vRealize Operations 8.6
NVD | vmware/cloud_foundation | 3.0.0 | 4.3.1

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-r2cc-q3jw-4vhv: Releases prior to VMware vRealize Operations 8 | 2022-05-24
CVEList
CVE-2021-22033: Releases prior to VMware vRealize Operations 8 | 2021-10-13

📋 Vendor Advisories

1
VMware
VMware vRealize Operations update addresses SSRF Vulnerability (CVE-2021-22033) | 2021-10-12