CVE-2021-21983

MEDIUM EXPLOITED

vRealize Operations Manager <8.4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-21983 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Egor Dimitrenko, wvu, including a Metasploit module exploits/linux/http/vmware_vrops_mgr_ssrf_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2021-21983 (file write) and CVE-2021-21975 (SSRF) in VMware vRealize Operations Manager to leak admin credentials and achieve remote code execution via a JSP payload. It chains SSRF for credential leakage and authenticated file write for payload deployment.

Description

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

Exploits (3)

metasploit WORKING POC EXCELLENT
by Egor Dimitrenko, wvu · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb

This Metasploit module exploits CVE-2021-21983 (file write) and CVE-2021-21975 (SSRF) in VMware vRealize Operations Manager to leak admin credentials and achieve remote code execution via a JSP payload. It chains SSRF for credential leakage and authenticated file write for payload deployment.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VMware vRealize Operations Manager (vROps) < 8.3.0
Auth required
Prerequisites: Network access to target · SSRF endpoint accessible · Admin credentials leaked via SSRF
devstral-2 · analyzed Apr 23, 2026 Full analysis →
vulncheck_xdb WRITEUP
remote-auth
https://github.com/murataydemir/CVE-2021-21983

This repository provides a detailed technical analysis of CVE-2021-21983, including step-by-step exploitation steps, HTTP request/response examples, and screenshots. It demonstrates how to chain CVE-2021-21975 and CVE-2021-21983 to achieve RCE on VMware vRealize Operations Manager.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VMware vRealize Operations Manager API 8.4 and earlier
Auth required
Prerequisites: Valid Authorization token · Access to vulnerable VMware vRealize Operations Manager instance
devstral-2 · analyzed Feb 25, 2026 Full analysis →
inthewild WRITEUP
poc
https://github.com/murataydemir/cve-2021-21983

This repository provides a detailed technical analysis of CVE-2021-21983, including step-by-step exploitation steps, HTTP request/response examples, and screenshots. It demonstrates how to chain CVE-2021-21975 and CVE-2021-21983 to achieve RCE on VMware vRealize Operations Manager.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: VMware vRealize Operations Manager API 8.4 and earlier
Auth required
Prerequisites: Valid Authorization token · Access to vulnerable vRealize Operations Manager instance
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.8318
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

VulnCheck KEV 2021-10-07
Status published
Products (27)
vmware/cloud_foundation 3.0
vmware/cloud_foundation 3.0.1
vmware/cloud_foundation 3.0.1.1
vmware/cloud_foundation 3.5
vmware/cloud_foundation 3.5.1
vmware/cloud_foundation 3.7
vmware/cloud_foundation 3.7.1
vmware/cloud_foundation 3.7.2
vmware/cloud_foundation 3.8
vmware/cloud_foundation 3.8.1
... and 17 more
Published Mar 31, 2021
Tracked Since Feb 18, 2026