CVE-2021-21975
VMware Server Side Request Forgery in vRealize Operations Manager API
⚠ KEVEPSS 94.4%
Description
Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.
How to fix CVE-2021-21975
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2021-21975 being exploited?
Yes — CVE-2021-21975 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.