CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

Published: Mar 31, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21983
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:L/Au:S/C:N/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / cloud_foundation	4.0	4.0.x
vmware / cloud_foundation	4.0.1	4.0.1.x
vmware / vrealize_suite_lifecycle_manager	8.0	8.0.x
vmware / vrealize_suite_lifecycle_manager	8.0.1	8.0.1.x
vmware / vrealize_suite_lifecycle_manager	8.1	8.1.x
vmware / vrealize_suite_lifecycle_manager	8.2	8.2.x
vmware / cloud_foundation	3.0	3.0.x
vmware / cloud_foundation	3.0.1	3.0.1.x
vmware / cloud_foundation	3.0.1.1	3.0.1.1.x
vmware / cloud_foundation	3.5	3.5.x
vmware / cloud_foundation	3.5.1	3.5.1.x
vmware / cloud_foundation	3.7	3.7.x
vmware / cloud_foundation	3.7.1	3.7.1.x
vmware / cloud_foundation	3.7.2	3.7.2.x
vmware / cloud_foundation	3.8	3.8.x
vmware / cloud_foundation	3.8.1	3.8.1.x
vmware / cloud_foundation	3.9	3.9.x
vmware / cloud_foundation	3.9.1	3.9.1.x
vmware / cloud_foundation	3.10	3.10.x
vmware / vrealize_operations_manager	8.2.0	8.2.0.x
vmware / vrealize_operations_manager	8.3.0	8.3.0.x
vmware / vrealize_operations_manager	7.5.0	7.5.0.x
vmware / vrealize_operations_manager	8.1.0	8.1.0.x
vmware / vrealize_operations_manager	8.0.1	8.0.1.x
vmware / vrealize_operations_manager	8.1.1	8.1.1.x
vmware / vrealize_operations_manager	8.0.0	8.0.0.x
vmware / vrealize_operations_manager	7.0.0	7.0.0.x

Vulnerability Database

289,697

CVE-2021-21983