CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
vmwarecloud_foundation
3.0
vmwarecloud_foundation
3.0.1
vmwarecloud_foundation
3.0.1.1
vmwarecloud_foundation
3.5
vmwarecloud_foundation
3.5.1
vmwarecloud_foundation
3.7
vmwarecloud_foundation
3.7.1
vmwarecloud_foundation
3.7.2
vmwarecloud_foundation
3.8
vmwarecloud_foundation
3.8.1
vmwarecloud_foundation
3.9
vmwarecloud_foundation
3.9.1
vmwarecloud_foundation
3.10
vmwarecloud_foundation
4.0
vmwarecloud_foundation
4.0.1
vmwarevrealize_operations_manager
7.0.0
vmwarevrealize_operations_manager
7.5.0
vmwarevrealize_operations_manager
8.0.0
vmwarevrealize_operations_manager
8.0.1
vmwarevrealize_operations_manager
8.1.0
vmwarevrealize_operations_manager
8.1.1
vmwarevrealize_operations_manager
8.2.0
vmwarevrealize_operations_manager
8.3.0
vmwarevrealize_suite_lifecycle_manager
8.0
vmwarevrealize_suite_lifecycle_manager
8.0.1
vmwarevrealize_suite_lifecycle_manager
8.1
vmwarevrealize_suite_lifecycle_manager
8.2
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
https://www.vmware.com/security/advisories/VMSA-2021-0004.html