CVE-2021-21975

Summary

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vRealize OperationsVMware vRealize Operations prior to 8.4affected

Weaknesses

  • Server Side Request Forgery

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References