{"containers": {"cna": {"affected": [{"product": "VMware vRealize Operations", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware vRealize Operations prior to 8.4"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary file write vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-27T16:08:34", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2021-21983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vRealize Operations", "version": {"version_data": [{"version_value": "VMware vRealize Operations prior to 8.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary file write vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"name": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:30:23.722Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2021-21983", "datePublished": "2021-03-31T17:50:36", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:30:23.722Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BEACD8D-30EF-44FE-839B-DA69E6CED23A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "36847AD6-88CC-4228-AB4E-5161B381267C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6FC3C214-DEFC-48D9-8728-31F19095375E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BF5CF56-8DE1-42F5-9EC1-E5666DD7FA59", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "36668618-33C3-460A-879B-A9741405C9D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "8266FD66-3BB6-4720-9D9F-06EFB38FA4B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D4C25D3-BC49-4727-B7A2-28C0F2E647EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E9AB6FF-D508-42FF-8FB9-24B96AE2F03F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "328785AE-390C-4CA2-9771-4A26387E4E3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "298B797F-C3B6-445C-AADB-8633B446F10F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "F97BA12F-A60D-4398-9CA8-DE2F7BACBA8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E19009EB-02D3-424A-947D-7B66EFCCE422", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "89656A51-0840-4A27-B05B-7E54B0CF0521", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7985EA2-E167-4BB9-91CA-D57110413B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC6471F-2FB5-4C7A-9B5D-0B08A8E2C08C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5F35204-5A57-4086-B782-77A25471F9EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "536C689B-F40A-4090-B7F9-3D16C6B2A82C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "76A32960-1C18-4DA5-A870-C15C432B6CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FCFFA39-F7EA-4065-B0B5-A1E2B120EBA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B612FDA-4210-44FE-9B5C-F678EA2CD6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_operations_manager:8.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0256D20-63D3-4DE9-9637-94033F11FC7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3318D91-40AC-4649-8FCD-4557C8F934B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A06C29AB-1EAF-43EF-96C3-9E3468911B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "43723EC2-295E-4AF7-B654-70F9E42F4807", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFB84C30-EE5D-4C15-A74E-7B2B3E0DED4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system."}, {"lang": "es", "value": "La vulnerabilidad de escritura arbitraria de archivos en la API vRealize Operations Manager (CVE-2021-21983) anterior a la versi\u00f3n 8.4, puede permitir que un actor malicioso autenticado con acceso de red para la API vRealize Operations Manager pueda escribir archivos en ubicaciones arbitrarias en el sistema operativo photon subyacente."}], "id": "CVE-2021-21983", "lastModified": "2024-11-21T05:49:22.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-31T18:15:14.723", "references": [{"source": "security@vmware.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2021-0004.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}