CVE-2021-21975 Scanner
Detects the Server-Side Request Forgery (SSRF) vulnerability in the vRealize Operations Manager API, which affects versions prior to 8.4.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -
vRealize Operations Manager is an operations management and monitoring tool that helps IT teams manage and monitor their virtual and physical infrastructure. The vRealize Operations Manager API is used by developers and administrators to automate tasks, retrieve performance data, and integrate with other tools. It provides a RESTful API, which allows users to interact with the vRealize Operations Manager system programmatically.
One of the vulnerabilities detected in the vRealize Operations Manager API is CVE-2021-21975, which affects versions prior to 8.4. This vulnerability allows a malicious actor with network access to the vRealize Operations Manager API to perform a Server-Side Request Forgery (SSRF) attack. SSRF attacks are particularly dangerous because the attacker can use internal network services to read and modify data or execute arbitrary code on the target server.
When exploited, this vulnerability can lead to the theft of administrative credentials. This could allow the attacker to gain full control over the vRealize Operations Manager system, potentially leading to data breaches, theft of intellectual property, and other malicious activities. Moreover, the attacker could pivot to other systems on the network, creating a chain of vulnerabilities that can be difficult to detect and remediate.
At s4e.io, we provide a powerful platform that helps organizations identify, prioritize, and remediate vulnerabilities in their digital assets. Our advanced features, such as automated vulnerability scanning and threat intelligence, enable organizations to stay ahead of emerging threats like CVE-2021-21975. Sign up for a demo today and see how we can help you secure your digital assets.