Description

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

Related CPE's

a

vmware

vrealize_automation

Vulnerable

a

vmware

vrealize_orchestrator

Vulnerable

References

https://www.vmware.com/security/advisories/VMSA-2021-0023.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-13T16:15:07.733

3 years ago

Last modified

2021-10-20T13:42:42.890

3 years ago