CVE-2021-21983 - Vulnerability Details

Vendors	Products
Vmware	Cloud Foundation Vrealize Operations Manager Vrealize Suite Lifecycle Manager

Link	Providers
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "VMware vRealize Operations", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware vRealize Operations prior to 8.4"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary file write vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-27T16:08:34", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-21983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vRealize Operations", "version": {"version_data": [{"version_value": "VMware vRealize Operations prior to 8.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary file write vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"name": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.722Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-21983", "datePublished": "2021-03-31T17:50:36", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.722Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : VMware vRealize Operations (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : VMware vRealize Operations prior to 8.4 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Arbitrary file write vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-04-27T16:08:34 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2021-21983 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : VMware vRealize Operations (string)

version : { »

version_data : [ »

0 : { »

version_value : VMware vRealize Operations prior to 8.4 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Arbitrary file write vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

refsource : MISC (string)

url : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

}

1 : { »

name : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:30:23.722Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2021-21983 (string)

datePublished : 2021-03-31T17:50:36 (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T18:30:23.722Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BEACD8D-30EF-44FE-839B-DA69E6CED23A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36847AD6-88CC-4228-AB4E-5161B381267C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FC3C214-DEFC-48D9-8728-31F19095375E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36668618-33C3-460A-879B-A9741405C9D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "8266FD66-3BB6-4720-9D9F-06EFB38FA4B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D4C25D3-BC49-4727-B7A2-28C0F2E647EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "328785AE-390C-4CA2-9771-4A26387E4E3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "298B797F-C3B6-445C-AADB-8633B446F10F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E19009EB-02D3-424A-947D-7B66EFCCE422", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "89656A51-0840-4A27-B05B-7E54B0CF0521", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7985EA2-E167-4BB9-91CA-D57110413B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC6471F-2FB5-4C7A-9B5D-0B08A8E2C08C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5F35204-5A57-4086-B782-77A25471F9EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "536C689B-F40A-4090-B7F9-3D16C6B2A82C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76A32960-1C18-4DA5-A870-C15C432B6CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FCFFA39-F7EA-4065-B0B5-A1E2B120EBA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B612FDA-4210-44FE-9B5C-F678EA2CD6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0256D20-63D3-4DE9-9637-94033F11FC7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}, {"lang": "es", "value": "La vulnerabilidad de escritura arbitraria de archivos en la API vRealize Operations Manager (CVE-2021-21983) anterior a la versi\u00f3n 8.4, puede permitir que un actor malicioso autenticado con acceso de red para la API vRealize Operations Manager pueda escribir archivos en ubicaciones arbitrarias en el sistema operativo photon subyacente."}], "id": "CVE-2021-21983", "lastModified": "2024-11-21T05:49:22.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-31T18:15:14.723", "references": [{"source": "security@vmware.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BEACD8D-30EF-44FE-839B-DA69E6CED23A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 36847AD6-88CC-4228-AB4E-5161B381267C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6FC3C214-DEFC-48D9-8728-31F19095375E (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 36668618-33C3-460A-879B-A9741405C9D0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 8266FD66-3BB6-4720-9D9F-06EFB38FA4B6 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D4C25D3-BC49-4727-B7A2-28C0F2E647EC (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 328785AE-390C-4CA2-9771-4A26387E4E3E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 298B797F-C3B6-445C-AADB-8633B446F10F (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:* (string)

matchCriteriaId : F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E19009EB-02D3-424A-947D-7B66EFCCE422 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 89656A51-0840-4A27-B05B-7E54B0CF0521 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 38EB0C0C-56CF-4A8F-A36F-E0E180B9059E (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A54544F5-5929-4609-A91C-FCA0FDBFE862 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B7985EA2-E167-4BB9-91CA-D57110413B63 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BC6471F-2FB5-4C7A-9B5D-0B08A8E2C08C (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B5F35204-5A57-4086-B782-77A25471F9EA (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 536C689B-F40A-4090-B7F9-3D16C6B2A82C (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 76A32960-1C18-4DA5-A870-C15C432B6CE3 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4FCFFA39-F7EA-4065-B0B5-A1E2B120EBA0 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7B612FDA-4210-44FE-9B5C-F678EA2CD6FD (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:vmware:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C0256D20-63D3-4DE9-9637-94033F11FC7C (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E3318D91-40AC-4649-8FCD-4557C8F934B9 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A06C29AB-1EAF-43EF-96C3-9E3468911B2F (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 43723EC2-295E-4AF7-B654-70F9E42F4807 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. (string)

}

1 : { »

lang : es (string)

value : La vulnerabilidad de escritura arbitraria de archivos en la API vRealize Operations Manager (CVE-2021-21983) anterior a la versión 8.4, puede permitir que un actor malicioso autenticado con acceso de red para la API vRealize Operations Manager pueda escribir archivos en ubicaciones arbitrarias en el sistema operativo photon subyacente. (string)

}

]

id : CVE-2021-21983 (string)

lastModified : 2024-11-21T05:49:22.170 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 8.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 9.2 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-03-31T18:15:14.723 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

}

1 : { »

source : security@vmware.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2021-0004.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object