First published: Mon Aug 30 2021
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Cloud Foundation | >=3.0<=3.10.2.1 | |
VMware Cloud Foundation | >=4.0<=4.2.1 | |
VMware vRealize Operations Manager | >=8.0.0<8.5.0 | |
VMware vRealize Operations Manager | =7.5.0 | |
VMware vRealize Suite Lifecycle Manager | >=8.0<=8.2 | |
The vulnerability ID is CVE-2021-22024.
The severity of CVE-2021-22024 is high with a severity value of 7.5.
The vRealize Operations Manager API (8.x prior to 8.5) is affected by CVE-2021-22024.
An unauthenticated malicious actor with network access to the vRealize Operations Manager API can exploit CVE-2021-22024 by reading any log file, resulting in sensitive information disclosure.
VMware has released a security advisory with remediation steps for CVE-2021-22024. Refer to the official VMware security advisory for more details.