CVE-2021-21975 Scanner

vRealize Operations Manager is an operations management and monitoring tool that helps IT teams manage and monitor their virtual and physical infrastructure. The vRealize Operations Manager API is used by developers and administrators to automate tasks, retrieve performance data, and integrate with other tools. It provides a RESTful API, which allows users to interact with the vRealize Operations Manager system programmatically.

One of the vulnerabilities detected in vRealize Operations Manager API is CVE-2021-21975, which affects versions prior to 8.4. This vulnerability allows a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery (SSRF) attack. SSRF attacks are particularly dangerous since the attacker can use internal network services to read and modify data or execute arbitrary code on the target server.

When exploited, this vulnerability can lead to the theft of administrative credentials. This could allow the attacker to gain full control over the vRealize Operations Manager system, potentially leading to data breaches, theft of intellectual property, and other malicious activities. Moreover, the attacker could pivot to other systems on the network, creating a chain of vulnerabilities that can be difficult to detect and remediate.

At SecurityForEveryone.com, we provide a powerful platform that helps organizations identify, prioritize, and remediate vulnerabilities in their digital assets. Our advanced features, such as automated vulnerability scanning and threat intelligence, enable organizations to stay ahead of emerging threats like CVE-2021-21975. Sign up for a demo today and see how we can help you secure your digital assets.

REFERENCES

• https://www.vmware.com/security/advisories/VMSA-2021-0004.html