CVE-2021-21975

Description

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

NVD
Severity: HIGH
CVE ID: CVE-2021-21975
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-21975

Refrence: Project Discovery GitHub

Henry4E36

VMWare vRealize SSRF-CVE-2021-21975

Refrence: GitHub

dorkerdevil

Refrence: GitHub

Al1ex

CVE-2021-21975 vRealize Operations Manager SSRF

Refrence: GitHub

TheTh1nk3r

漏洞复现与poc收集，CVE-2021-21975，cve-2021-22005，CVE-2021-26295，VMware vCenter任意文件读取

Refrence: GitHub

GuayoyoCyber

Nmap script to check vulnerability CVE-2021-21975

Refrence: GitHub

murataydemir

[CVE-2021-21975] VMware vRealize Operations Manager API Server Side Request Forgery (SSRF)

Refrence: GitHub

rabidwh0re

vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)

Refrence: GitHub

Vulnmachines

VMWare-CVE-2021-21975 SSRF vulnerability

Refrence: GitHub

Content on GitHub

zhzyker | watchers:3278

vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Refrence: GitHub

CyberCommands | watchers:1

CVE2021-21975

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub