The most severe vulnerability, tracked as CVE-2021-21975, is a Server Side Request Forgery in vRealize Operations Manager API. A remote, unauthenticated attacker can exploit the vulnerability without user interaction to steal admin credentials from vulnerable installs. The company also addressed an arbitrary file write vulnerability that could allow an attacker to write files to arbitrary locations on the underlying photon operating system. The vulnerability was reported to the company by security researcher Egor Dimitrenko from Positive Technologies.”]
Source: https://securityaffairs.co/wordpress/116145/security/vmware-vrealize-operations-ssrf-flaw.html