Description

VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

Related CPE's

a

vmware

vrealize_automation

Vulnerable

a

vmware

vrealize_orchestrator

Vulnerable

References

https://www.vmware.com/security/advisories/VMSA-2021-0023.html

Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2021-0023.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-13T14:15:07.733Z

4 years ago

Last modified

2024-11-21T04:49:28.720Z

1 year ago