Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2021-0004.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-03-31T17:50:36
Updated: 2021-04-27T16:08:34
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-21983
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-31T18:15:14.723
Modified: 2022-02-01T17:45:43.760
Link: CVE-2021-21983
JSON object: View
Redhat Information
No data.
CWE