CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-21975

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score62.4190%
EPSS Percentile96.89th
Published2021年3月31日
Last Modified2025年10月30日

Vulnerability Description

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Affected Platforms (CPE)

📦
Vmware

Cloud Foundation

= 3.0
📦
Vmware

Cloud Foundation

= 3.0.1
📦
Vmware

Cloud Foundation

= 3.0.1.1
📦
Vmware

Cloud Foundation

= 3.5
📦
Vmware

Cloud Foundation

= 3.5.1
📦
Vmware

Cloud Foundation

= 3.7
📦
Vmware

Cloud Foundation

= 3.7.1
📦
Vmware

Cloud Foundation

= 3.7.2
📦
Vmware

Cloud Foundation

= 3.8
📦
Vmware

Cloud Foundation

= 3.8.1
📦
Vmware

Cloud Foundation

= 3.9
📦
Vmware

Cloud Foundation

= 3.9.1
📦
Vmware

Cloud Foundation

= 3.10
📦
Vmware

Cloud Foundation

= 4.0
📦
Vmware

Cloud Foundation

= 4.0.1
📦
Vmware

Vrealize Operations Manager

= 7.0.0
📦
Vmware

Vrealize Operations Manager

= 7.5.0
📦
Vmware

Vrealize Operations Manager

= 8.0.0
📦
Vmware

Vrealize Operations Manager

= 8.0.1
📦
Vmware

Vrealize Operations Manager

= 8.1.0
📦
Vmware

Vrealize Operations Manager

= 8.1.1
📦
Vmware

Vrealize Operations Manager

= 8.2.0
📦
Vmware

Vrealize Operations Manager

= 8.3.0
📦
Vmware

Vrealize Suite Lifecycle Manager

= 8.0
📦
Vmware

Vrealize Suite Lifecycle Manager

= 8.0.1
📦
Vmware

Vrealize Suite Lifecycle Manager

= 8.1
📦
Vmware

Vrealize Suite Lifecycle Manager

= 8.2

References & Advisories

🔗 http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
🔗 https://www.vmware.com/security/advisories/VMSA-2021-0004.html
🔗 http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
🔗 https://www.vmware.com/security/advisories/VMSA-2021-0004.html
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975

関連する脆弱性情報

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2021-219729.8

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with netwo...

CVE-2016-66559.8

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions pri...