S4E

CVE-2021-21975 Scanner

Detects the Server-Side Request Forgery (SSRF) vulnerability in the vRealize Operations Manager API, which affects versions prior to 8.4.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

vRealize Operations Manager is an operations management and monitoring tool that helps IT teams manage and monitor their virtual and physical infrastructure. The vRealize Operations Manager API is used by developers and administrators to automate tasks, retrieve performance data, and integrate with other tools. It provides a RESTful API, which allows users to interact with the vRealize Operations Manager system programmatically.

One of the vulnerabilities detected in the vRealize Operations Manager API is CVE-2021-21975, which affects versions prior to 8.4. This vulnerability allows a malicious actor with network access to the vRealize Operations Manager API to perform a Server-Side Request Forgery (SSRF) attack. SSRF attacks are particularly dangerous since the attacker can use internal network services to read and modify data or execute arbitrary code on the target server.

When exploited, this vulnerability can lead to the theft of administrative credentials. This could allow the attacker to gain full control over the vRealize Operations Manager system, potentially leading to data breaches, theft of intellectual property, and other malicious activities. Moreover, the attacker could pivot to other systems on the network, creating a chain of vulnerabilities that can be difficult to detect and remediate.

At s4e.io, we provide a powerful platform that helps organizations identify, prioritize, and remediate vulnerabilities in their digital assets. Our advanced features, such as automated vulnerability scanning and threat intelligence, enable organizations to stay ahead of emerging threats like CVE-2021-21975. Sign up for a demo today and see how we can help you secure your digital assets.

 
