CVE-2021-22022

EUVD-2021-9191
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
vmwarecloud_foundation
3.0 ≤
𝑥
≤ 3.10.2.1
vmwarecloud_foundation
4.0 ≤
𝑥
≤ 4.2.1
vmwarevrealize_operations_manager
8.0.0 ≤
𝑥
< 8.5.0
vmwarevrealize_operations_manager
7.5.0
vmwarevrealize_suite_lifecycle_manager
8.0 ≤
𝑥
≤ 8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2021-0018.html
https://www.vmware.com/security/advisories/VMSA-2021-0018.html