### [CVE-2021-21983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21983)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20vRealize%20Operations&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20file%20write%20vulnerability&color=brighgreen)

### Description

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

### POC

#### Reference
- http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html

#### Github
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/CVE-2021-21975
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WingsSec/Meppo
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/murataydemir/CVE-2021-21975
- https://github.com/murataydemir/CVE-2021-21983
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rabidwh0re/REALITY_SMASHER
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve