{"id":"CVE-2021-21975","details":"Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.","modified":"2026-03-14T10:44:13.894381Z","published":"2021-03-31T18:15:14.597Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21975"},{"type":"ADVISORY","url":"https://www.vmware.com/security/advisories/VMSA-2021-0004.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21975.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.0.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.9"}]},{"events":[{"introduced":"0"},{"last_affected":"3.9.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.10"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}