VYPR

vRealize Operations Manager

by VMware

CVEs (8)

  • CVE-2021-21975HigKEVMar 31, 2021
    risk 0.76cvss 7.5epss 0.78

    Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

  • CVE-2021-21983MedMar 31, 2021
    risk 0.51cvss 6.5epss 0.69

    Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating…

  • CVE-2021-22027HigAug 30, 2021
    risk 0.49cvss 7.5epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…

  • CVE-2021-22026HigAug 30, 2021
    risk 0.49cvss 7.5epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information…

  • CVE-2021-22025HigAug 30, 2021
    risk 0.49cvss 7.5epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.

  • CVE-2021-22024HigAug 30, 2021
    risk 0.49cvss 7.5epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

  • CVE-2021-22023HigAug 30, 2021
    risk 0.47cvss 7.2epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

  • CVE-2021-22022MedAug 30, 2021
    risk 0.32cvss 4.9epss 0.01

    The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.