CVE-2021-21983

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Vrealize Operations
Vendor: CVE Published:; 31 March 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

Affected Version(s)

VMware vRealize Operations VMware vRealize Operations prior to 8.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-21983
Created by murataydemir

References

https://www.vmware.com/security/advisories/VMSA-2021-0004...

x_refsource_MISC

http://packetstormsecurity.com/files/162349/VMware-vReali...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 16, 2022
👾
Exploit known to exist
Mar 16, 2022
Vulnerability published
Mar 31, 2021
Vulnerability Reserved
Jan 4, 2021