HTTP: VMware vRealize Operations Manager API Certificate Upload Directory Traversal
This signature detects attempts to exploit a known vulnerability against VMware vRealize Operations Manager API. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
Affected Products
Vmware vrealize_operations_manager
Short Name
HTTP:CTS:VMWARE-VRLZ-OM-API-DIR
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
API CVE-2021-21983 CVE-2024-22263 Certificate Directory Manager Operations Traversal Upload VMware vRealize
Release Date
04/28/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3757
False Positive
Unknown
Vendors
Vmware
CVSS Score
8.5