CVE-2021-22027

Summary

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vRealize OperationsVMware vRealize Operations (8.x prior to 8.5)affected

Weaknesses

  • Server Side Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References