The vRealize Operations Manager API (8.x before 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware cloud foundation |
||
vmware vrealize operations manager 7.5.0 |
||
vmware vrealize operations manager |
||
vmware vrealize suite lifecycle manager |