Cloud Foundation
CVE-2021-22033
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.
AnalysisAI
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Affected products include: Vmware Cloud Foundation, Vmware Vrealize Operations, Vmware Vrealize Suite Lifecycle Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Cloud Foundation
View allVMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrator
VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes,
VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side templa
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CV
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical sev
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated h
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today