.. / CVE-2021-21975

Exploit for vRealize Operations Manager API - Server-Side Request Forgery (CVE-2021-21975)

Description:

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983.

Nuclei Template

View the template here CVE-2021-21975.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21975.yaml

References:

https://www.vmware.com/security/advisories/VMSA-2021-0004.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21975
http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html

.. / CVE-2021-21975 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for vRealize Operations Manager API - Server-Side Request Forgery (CVE-2021-21975)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-21975