Server Side Request Forgery Vulnerability in vRealize Operations Manager by VMware
CVE-2021-22026

7.5HIGH

Key Information:

Vendor
Vmware
Vendor
CVE Published:
30 August 2021

Summary

The vRealize Operations Manager API versions prior to 8.5 are susceptible to a Server Side Request Forgery (SSRF) vulnerability. This flaw allows an unauthenticated malicious actor with network access to the API to manipulate requests and potentially disclose sensitive information. Organizations using affected versions should prioritize immediate patching to mitigate the risks associated with this vulnerability.

Affected Version(s)

VMware vRealize Operations VMware vRealize Operations (8.x prior to 8.5)

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.