Shodan
Vulnerabilities
Vulnerable Software
Vmware:  >> Cloud Foundation  >> 3.10.1.2  Security Vulnerabilities
CVE-2021-22024
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-30
CVE-2021-22025
The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-30
CVE-2021-22026
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-30
CVE-2021-22027
The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-30
CVE-2021-21985
Known exploited
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-05-26
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-05-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved