The vRealize Operations Manager API (8.x before 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware cloud foundation |
||
vmware vrealize operations manager 7.5.0 |
||
vmware vrealize operations manager |
||
vmware vrealize suite lifecycle manager |