CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
vmwarecloud_foundation
3.0 ≤
𝑥
≤ 3.10.2.1
vmwarecloud_foundation
4.0 ≤
𝑥
≤ 4.2.1
vmwarevrealize_operations_manager
8.0.0 ≤
𝑥
< 8.5.0
vmwarevrealize_operations_manager
7.5.0
vmwarevrealize_suite_lifecycle_manager
8.0 ≤
𝑥
≤ 8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2021-0018.html
https://www.vmware.com/security/advisories/VMSA-2021-0018.html