CVE-2021-21975
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-21975
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware vRealize Operations 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vmware VMware vRealize Operations是美国威睿(vmware)公司的一个应用程序。一个统一的,基于AI的平台上为私有,混合和多云环境提供自动驾驶的IT运营管理。 VMware vRealize Operations 存在安全漏洞,该漏洞源于更新地址服务器端请求伪造和任意文件写入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | VMware vRealize Operations | VMware vRealize Operations prior to 8.4 | - |
II. Public POCs for CVE-2021-21975
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | VMWare vRealize SSRF-CVE-2021-21975 | https://github.com/Henry4E36/VMWare-vRealize-SSRF | POC Details |
| 2 | None | https://github.com/dorkerdevil/CVE-2021-21975 | POC Details |
| 3 | CVE-2021-21975 vRealize Operations Manager SSRF | https://github.com/Al1ex/CVE-2021-21975 | POC Details |
| 4 | 漏洞复现与poc收集,CVE-2021-21975,cve-2021-22005,CVE-2021-26295,VMware vCenter任意文件读取 | https://github.com/TheTh1nk3r/exp_hub | POC Details |
| 5 | Nmap script to check vulnerability CVE-2021-21975 | https://github.com/GuayoyoCyber/CVE-2021-21975 | POC Details |
| 6 | [CVE-2021-21975] VMware vRealize Operations Manager API Server Side Request Forgery (SSRF) | https://github.com/murataydemir/CVE-2021-21975 | POC Details |
| 7 | vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) | https://github.com/rabidwh0re/REALITY_SMASHER | POC Details |
| 8 | VMWare-CVE-2021-21975 SSRF vulnerability | https://github.com/Vulnmachines/VMWare-CVE-2021-21975 | POC Details |
| 9 | vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21975.yaml | POC Details |
| 10 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/VMware%20vRealize%20Operations%20Manager%20SSRF%E6%BC%8F%E6%B4%9E%20CVE-2021-21975.md | POC Details |
| 11 | 漏洞复现与poc收集,CVE-2021-21975,cve-2021-22005,CVE-2021-26295,VMware vCenter任意文件读取 | https://github.com/DarkFunct/exp_hub | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-21975
请登录查看更多情报信息。
- https://www.vmware.com/security/advisories/VMSA-2021-0004.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-21975
Same Patch Batch · n/a · 2021-03-31 · 45 CVEs total
| CVE-2021-23348 | 6.3 MEDIUM | Arbitrary Command Injection |
| CVE-2021-22986 | F5 BIG-IP 代码问题漏洞 | |
| CVE-2021-21776 | Accusoft ImageGear 缓冲区错误漏洞 | |
| CVE-2021-21782 | Accusoft ImageGear 缓冲区错误漏洞 | |
| CVE-2021-21773 | Accusoft ImageGear 代码问题漏洞 | |
| CVE-2020-28173 | Sourcecodester Simple College Website 代码问题漏洞 | |
| CVE-2020-28172 | Sourcecodester Simple College Website SQL注入漏洞 | |
| CVE-2021-3477 | LIM OpenEXR 输入验证错误漏洞 | |
| CVE-2021-3478 | LIM OpenEXR 资源管理错误漏洞 | |
| CVE-2021-3479 | LIM OpenEXR 资源管理错误漏洞 | |
| CVE-2021-28245 | PbootCMS SQL注入漏洞 | |
| CVE-2021-22988 | F5 BIG-IP 跨站脚本漏洞 | |
| CVE-2021-22987 | F5 BIG-IP 安全漏洞 | |
| CVE-2021-22990 | F5 BIG-IP 安全漏洞 | |
| CVE-2021-22995 | F5 BIG-IP 访问控制错误漏洞 | |
| CVE-2021-22992 | F5 BIG-IP 安全漏洞 | |
| CVE-2021-22989 | F5 BIG-IP 安全漏洞 | |
| CVE-2021-29658 | vscode-rufo 安全漏洞 | |
| CVE-2021-22991 | F5 BIG-IP 缓冲区错误漏洞 | |
| CVE-2021-22994 | F5 BIG-IP 跨站脚本漏洞 |
Showing top 20 of 45 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2021-21975
No comments yet