CVE-2021-21975: VMware Server Side Request Forgery in vRealize Operations
VMware Server Side Request Forgery in vRealize Operations Manager API. Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.
- CISA KEV-listed (remediation due 2022-02-01)
- used in ransomware campaigns
- EPSS 94.4% (100.0% percentile)