CVE-2021-22036

6.5 MEDIUM

Key Information:

Vendor
VMware
CVE Published:
13 October 2021

Summary

VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure.

Affected Version(s)

VMware vRealize Orchestrator (8.x prior to 8.6)

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
