CVE-2021-21983
CVE-2021-21983
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 68.6%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
30 Mar 2021Metasploit module available
31 Mar 2021Published on NVD
16 Mar 2022Public PoC
Weaponization speed
349 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
Affected products
n/a · VMware vRealize Operationspublic PoCs found — 1
vulncheckvulncheck.com/xdb/1c647bbacadeunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.