CVE-2021-21975

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. Vendor/Product: VMware vRealize Operations Manager API. Added to CISA KEV 2022-01-18; required action: Apply updates per vendor instructions.