First published: Mon Aug 30 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to the vRealize Operations Manager API can read any arbitrary file on the server, leading to information disclosure.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Cloud Foundation | >=3.0<=3.10.2.1 | |
VMware Cloud Foundation | >=4.0<=4.2.1 | |
VMware vRealize Operations Manager | >=8.0.0<8.5.0 | |
VMware vRealize Operations Manager | =7.5.0 | |
VMware vRealize Suite Lifecycle Manager | >=8.0<=8.2 | |
The vulnerability ID is CVE-2021-22022.
The severity of CVE-2021-22022 is medium.
The affected software includes VMware Cloud Foundation, VMware vRealize Operations Manager, and VMware vRealize Suite Lifecycle Manager.
A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on the server.
Yes, VMware has released a patch to address the vulnerability. Please refer to the VMware Security Advisory VMSA-2021-0018 for more information.