CVE-2021-22036
published 2021-10-13CVE-2021-22036: VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vrealize_automation | >= 8.0 < 8.6 | 8.6 |
| vmware | vrealize_orchestrator | >= 8.0 < 8.6 | 8.6 |