Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2021-0004.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-03-31T17:51:51
Updated: 2021-04-27T16:08:33
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-21975
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-31T18:15:14.597
Modified: 2022-02-01T17:45:43.750
Link: CVE-2021-21975
JSON object: View
Redhat Information
No data.
CWE