CVE-2021-21975 - VMware Server Side Request Forgery in vRealize Operations Manager API
Project:VMware
Product:vRealize Operations Manager API
Date Added:2022-01-18Due Date:2022-02-01
Vulnerability Name
VMware Server Side Request Forgery in vRealize Operations Manager API
Description
Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-21975