Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2021-21975 | VMware Server Side Request Forgery in vRealize Operations Manager API | exploitation_technique | T1190 | Exploit Public-Facing Application | Comments: An attacker with network access to the VMware server can exploit this Server-Side Request Forgery (SSRF) vulnerability through an unauthenticated endpoint to send crafted requests to internal or external systems, potentially stealing administrative credentials. With those credentials, the attacker could gain maximum privileges within the application, alter configurations, and intercept sensitive data, resulting in unauthorized access to and manipulation of the application. |