CVE-2021-22036

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2021-0023.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:vrealize_automation::::::::
	cpe:2.3:a:vmware:vrealize_orchestrator::::::::

History

No history.

Information

Published : 2021-10-13 16:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-22036

Mitre link : CVE-2021-22036

CVE.ORG link : CVE-2021-22036

JSON object : View

Products Affected

vmware

vrealize_automation
vrealize_orchestrator

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-22036", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-10-13T16:15:07.733", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2021-0023.html", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure."}, {"lang": "es", "value": "VMware vRealize Orchestrator (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de redireccionamiento abierto debido a un manejo inapropiado de la ruta. Un actor malicioso puede ser capaz de redirigir a la v\u00edctima a un dominio controlado por el atacante debido al manejo inapropiado de la ruta en vRealize Orchestrator, conllevando a una divulgaci\u00f3n de informaci\u00f3n confidencial"}], "lastModified": "2021-10-20T13:42:42.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vrealize_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B29331-FA67-4836-A620-6568E0A4CCE1", "versionEndExcluding": "8.6", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:vmware:vrealize_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B0265C4-8F66-434A-845E-937C3079BF97", "versionEndExcluding": "8.6", "versionStartIncluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}