CVE-2021-22036

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vrealize Automation Vmware Vrealize Orchestrator

Timeline

PublishedOct 13

Latest updateMay 24

Description

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDvmware/vrealize_orchestrator8.0 — 8.6

▶CVEListV5vmware_vrealize_orchestratorVMware vRealize Orchestrator (8.x prior to 8.6)

▶NVDvmware/vrealize_automation8.0 — 8.6

🔴Vulnerability Details

GHSA

GHSA-xhgj-fcgm-66qp: VMware vRealize Orchestrator ((8↗2022-05-24

▶

CVEList

CVE-2021-22036: VMware vRealize Orchestrator ((8↗2021-10-13

▶

📋Vendor Advisories

VMware

VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)↗2021-10-12

▶