CVE-2021-22026

Name of the Vulnerable Software and Affected Versions vRealize Operations Manager API versions 8.x prior to 8.5

Description The issue is related to a Server Side Request Forgery in an endpoint of the vRealize Operations Manager API. An unauthenticated malicious actor with network access can perform a Server Side Request Forgery attack, leading to information disclosure. The vulnerability is associated with insufficient checking of incoming requests.

Recommendations For versions 8.x prior to 8.5, update to version 8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoint to minimize the risk of exploitation.