← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-21975 — Actively Exploited: vRealize Operations Manager API (VMware)

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

CVE IDCVE-2021-21975
VendorVMware
ProductvRealize Operations Manager API
Vulnerability nameVMware Server Side Request Forgery in vRealize Operations Manager API
Date added2022-01-18
Remediation due2022-02-01
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionServer Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →