Vulnerability identifier: #VU51807

Vulnerability risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21975

CWE-ID: CWE-918

Exploitation vector: Network

Exploits in database: 10

• August 16, 2022
  • CVE-2021-21983 ([CVE-2021-21983] VMware vRealize Operations (vROps) Manager API Arbitrary File Write Leads to Remote Code Execution (RCE)) [Github]
• October 11, 2021
  • VMWare-vRealize-SSRF (VMWare vRealize SSRF-CVE-2021-21975) [Github]
• September 29, 2021
  • exp_hub (漏洞复现与poc收集，CVE-2021-21975，cve-2021-22005，CVE-2021-26295，VMware vCenter任意文件读取) [Github]
• August 8, 2021
  • CVE-2021-21975 ([CVE-2021-21975] VMware vRealize Operations Manager API Server Side Request Forgery (SSRF)) [Github]
• July 4, 2021
  • CVE-2021-21975 () [Github]
• June 16, 2021
  • REALITY_SMASHER (vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)) [Github]
• June 10, 2021
  • VMWare-CVE-2021-21975 (VMWare-CVE-2021-21975 SSRF vulnerability) [Github]
• May 24, 2021
  • CVE-2021-21975 (Nmap script to check vulnerability CVE-2021-21975) [Github]
• May 9, 2021
  • VMware vRealize Operations (vROps) Manager SSRF RCE [Metasploit]
• April 6, 2021
  • CVE2021-21975 () [Github]

Impact: Information disclosure

Vulnerable software:
VMware vRealize Operations Manager (vROps)
Server applications / Virtualization software

Vendor: VMware, Inc