CVE-2021-21975

HIGH KEV RANSOMWARE NUCLEI

VMware Cloud Foundation - SSRF

Description

Server Side Request Forgery in the vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials.

Exploits (11)

nomisec WORKING POC 39 stars
by rabidwh0re · remote
https://github.com/rabidwh0re/REALITY_SMASHER
nomisec SCANNER 27 stars
by GuayoyoCyber · infoleak
https://github.com/GuayoyoCyber/CVE-2021-21975
nomisec WORKING POC 14 stars
by Henry4E36 · infoleak
https://github.com/Henry4E36/VMWare-vRealize-SSRF
nomisec WRITEUP 13 stars
by Al1ex · infoleak
https://github.com/Al1ex/CVE-2021-21975
nomisec WORKING POC 4 stars
by murataydemir · infoleak
https://github.com/murataydemir/CVE-2021-21975
nomisec SUSPICIOUS 3 stars
by Vulnmachines · infoleak
https://github.com/Vulnmachines/VMWare-CVE-2021-21975
nomisec WORKING POC 2 stars
by dorkerdevil · infoleak
https://github.com/dorkerdevil/CVE-2021-21975
gitlab WORKING POC
by securitystuffbackup · remote
https://gitlab.com/securitystuffbackup/VMWare-vRealize-SSRF
nomisec WORKING POC
by DarkFunct · poc
https://github.com/DarkFunct/exp_hub
metasploit WORKING POC EXCELLENT
by Egor Dimitrenko, wvu · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb

Nuclei Templates (1)

vRealize Operations Manager API - Server-Side Request Forgery
HIGH by luci

Scores

CVSS v3 7.5
EPSS 0.9442
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2022-01-18
VulnCheck KEV 2021-06-01
InTheWild.io 2021-07-01
ENISA EUVD EUVD-2021-9146
Ransomware Use Confirmed
CWE
CWE-918
Status published
Products (27)
vmware/cloud_foundation 3.0
vmware/cloud_foundation 3.0.1
vmware/cloud_foundation 3.0.1.1
vmware/cloud_foundation 3.5
vmware/cloud_foundation 3.5.1
vmware/cloud_foundation 3.7
vmware/cloud_foundation 3.7.1
vmware/cloud_foundation 3.7.2
vmware/cloud_foundation 3.8
vmware/cloud_foundation 3.8.1
... and 17 more
Published Mar 31, 2021
KEV Added Jan 18, 2022
Tracked Since Feb 18, 2026