### [CVE-2021-22026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22026)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20vRealize%20Operations&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=VMware%20vRealize%20Operations%20(8.x%20prior%20to%208.5)%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Server%20Side%20Request%20Forgery&color=brightgreen)

### Description

The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/thiscodecc/thiscodecc