virus logo Intrusion Prevention

VMware.vRealize.Operations.SSRF

description-logoDescription

This indicates an attack attempt to exploit a Server-Side Request Forgery Vulnerability in VMware vRealize Operations.
The vulnerability is due to improper sanitation of a crafted HTTP user input. A remote unauthenticated attacker could exploit this vulnerability by sending an HTTP request to the target vulnerable server. Successful exploitation leads to the disclosure of information which may be used to facilitate further compromise.

affected-products-logoAffected Products

VMware vRealize Operations 7.0
VMware vRealize Operations 7.5
VMware vRealize Operations 8.0.1
VMware vRealize Operations 8.1.1
VMware vRealize Operations 8.2
VMware vRealize Operations 8.3

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://kb.vmware.com/s/article/83210
https://kb.vmware.com/s/article/83287
https://kb.vmware.com/s/article/82367
https://kb.vmware.com/s/article/83094
https://kb.vmware.com/s/article/83095

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2021-06-22 18.102
Modified
 Sig Added
2021-04-26 18.066
New
ID 50133
Created Apr 06, 2021
Updated Jun 21, 2021
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.42%
Default Action pass
Active
Affected OS Windows, Linux
Affected App Other
Profile Type Information Disclosure