Server Side Request Forgery Vulnerability in vRealize Operations Manager by VMware
CVE-2021-22026
7.5HIGH
Summary
The vRealize Operations Manager API versions prior to 8.5 are susceptible to a Server Side Request Forgery (SSRF) vulnerability. This flaw allows an unauthenticated malicious actor with network access to the API to manipulate requests and potentially disclose sensitive information. Organizations using affected versions should prioritize immediate patching to mitigate the risks associated with this vulnerability.
Affected Version(s)
VMware vRealize Operations VMware vRealize Operations (8.x prior to 8.5)
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved