8.5

CVE-2021-21983

Exploit

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

Data is provided by the National Vulnerability Database (NVD)
VMwareCloud Foundation Version3.0
VMwareCloud Foundation Version3.0.1
VMwareCloud Foundation Version3.0.1.1
VMwareCloud Foundation Version3.5
VMwareCloud Foundation Version3.5.1
VMwareCloud Foundation Version3.7
VMwareCloud Foundation Version3.7.1
VMwareCloud Foundation Version3.7.2
VMwareCloud Foundation Version3.8
VMwareCloud Foundation Version3.8.1
VMwareCloud Foundation Version3.9
VMwareCloud Foundation Version3.9.1
VMwareCloud Foundation Version3.10
VMwareCloud Foundation Version4.0
VMwareCloud Foundation Version4.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 83.18% 0.992
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 8.5 8 9.2
AV:N/AC:L/Au:S/C:N/I:C/A:C