CVE-2021-22036: Infoleak
First published: Wed Oct 13 2021(Updated: )
VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vRealize Automation | >=8.0<8.6 | |
| VMware vRealize Orchestrator | >=8.0<8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this VMware vRealize Orchestrator vulnerability?
The vulnerability ID for this VMware vRealize Orchestrator vulnerability is CVE-2021-22036.
What is the severity of CVE-2021-22036?
The severity of CVE-2021-22036 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2021-22036?
CVE-2021-22036 affects VMware vRealize Orchestrator versions 8.0 to 8.6.
What is the description of CVE-2021-22036?
CVE-2021-22036 is an open redirect vulnerability in VMware vRealize Orchestrator that allows a malicious actor to redirect victims to an attacker-controlled domain, potentially leading to sensitive information disclosure.
How can I fix CVE-2021-22036?
To fix CVE-2021-22036, it is recommended to upgrade VMware vRealize Orchestrator to version 8.6 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vrealize automation
- version/vmware vrealize automation/8.0
- canonical/vmware vrealize orchestrator
- version/vmware vrealize orchestrator/8.0