vulnerability
VMWare vRealize: (CVE-2021-21983)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:N/I:C/A:C) | Mar 31, 2021 | Nov 30, 2021 | Apr 7, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:N/I:C/A:C)
Published
Mar 31, 2021
Added
Nov 30, 2021
Modified
Apr 7, 2026
Description
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
Solution
vmware-vrealize-upgrade-latest
References
- CVE-2021-21983
- https://attackerkb.com/topics/CVE-2021-21983
- EUVD-EUVD-2021-9154
- http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-9154
- https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.