CVE-2021-22098
First published: Wed Aug 11 2021(Updated: )
UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Cf-deployment | <16.20.0 | |
| Cloudfoundry User Account And Authentication | <75.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22098?
CVE-2021-22098 is an open redirect vulnerability in UAA server versions prior to 75.4.0.
How does CVE-2021-22098 affect Cloudfoundry Cf-deployment?
Cloudfoundry Cf-deployment versions up to 16.20.0 are affected by CVE-2021-22098.
How does CVE-2021-22098 affect Cloudfoundry User Account And Authentication?
Cloudfoundry User Account And Authentication versions up to 75.5.0 are affected by CVE-2021-22098.
What is the severity of CVE-2021-22098?
CVE-2021-22098 has a severity rating of 6.1 (medium).
How can a malicious user exploit the open redirect vulnerability in CVE-2021-22098?
A malicious user can exploit the open redirect vulnerability in CVE-2021-22098 through social engineering to redirect UAA users to malicious sites and potentially take over victims' accounts.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cloudfoundry
- canonical/cloudfoundry cf-deployment
- canonical/cloudfoundry user account and authentication