CVE-2021-21983

Sažetak

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

Reference

https://www.vmware.com/security/advisories/VMSA-2021-0004.html
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html

CVSS

Base:	8.5
Impact:	9.2
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Zadnje važnije ažuriranje

01-02-2022 - 17:45

Objavljeno

31-03-2021 - 18:15