CyberSec.Space Logo
Back to CVE Browser

CVE-2021-21975

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score62.4190%
EPSS Percentile96.89th
PublishedMar 31, 2021
Last ModifiedOct 30, 2025

Vulnerability Description

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Affected Platforms (CPE)

πŸ“¦
Vmware

Cloud Foundation

= 3.0
πŸ“¦
Vmware

Cloud Foundation

= 3.0.1
πŸ“¦
Vmware

Cloud Foundation

= 3.0.1.1
πŸ“¦
Vmware

Cloud Foundation

= 3.5
πŸ“¦
Vmware

Cloud Foundation

= 3.5.1
πŸ“¦
Vmware

Cloud Foundation

= 3.7
πŸ“¦
Vmware

Cloud Foundation

= 3.7.1
πŸ“¦
Vmware

Cloud Foundation

= 3.7.2
πŸ“¦
Vmware

Cloud Foundation

= 3.8
πŸ“¦
Vmware

Cloud Foundation

= 3.8.1
πŸ“¦
Vmware

Cloud Foundation

= 3.9
πŸ“¦
Vmware

Cloud Foundation

= 3.9.1
πŸ“¦
Vmware

Cloud Foundation

= 3.10
πŸ“¦
Vmware

Cloud Foundation

= 4.0
πŸ“¦
Vmware

Cloud Foundation

= 4.0.1
πŸ“¦
Vmware

Vrealize Operations Manager

= 7.0.0
πŸ“¦
Vmware

Vrealize Operations Manager

= 7.5.0
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.0.0
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.0.1
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.1.0
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.1.1
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.2.0
πŸ“¦
Vmware

Vrealize Operations Manager

= 8.3.0
πŸ“¦
Vmware

Vrealize Suite Lifecycle Manager

= 8.0
πŸ“¦
Vmware

Vrealize Suite Lifecycle Manager

= 8.0.1
πŸ“¦
Vmware

Vrealize Suite Lifecycle Manager

= 8.1
πŸ“¦
Vmware

Vrealize Suite Lifecycle Manager

= 8.2

References & Advisories

πŸ”— http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2021-0004.html
πŸ”— http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2021-0004.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975

Related Vulnerabilities

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2021-219729.8

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo...

CVE-2016-66559.8

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri...