Server side request forgery (ssrf)

2021-08-3018:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

CPENameOperatorVersion
cloud_foundationge3.0
cloud_foundationle3.10.2.1
cloud_foundationge4.0
cloud_foundationle4.2.1
vrealize_operations_managereq7.5.0
vrealize_operations_managerge8.0.0
vrealize_operations_managerlt8.5.0
vrealize_suite_lifecycle_managerge8.0
vrealize_suite_lifecycle_managerle8.2

Name	Operator	Version
cloud_foundation	ge	3.0
cloud_foundation	le	3.10.2.1
cloud_foundation	ge	4.0
cloud_foundation	le	4.2.1
vrealize_operations_manager	eq	7.5.0
vrealize_operations_manager	ge	8.0.0
vrealize_operations_manager	lt	8.5.0
vrealize_suite_lifecycle_manager	ge	8.0
vrealize_suite_lifecycle_manager	le	8.2

References

www.vmware.com/security/advisories/VMSA-2021-0018.html