← Back

CVE-2021-22033

nvd nist
Published: Oct 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 / Impact: 1.4
Source: NVD

Description

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.

Affected (3)

Vmware
3 products
Cloud Foundation
Vrealize Operations
Vrealize Suite Lifecycle Manager
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Foundation
From 3.0.0 to 4.3.1
Vrealize Operations
From 7.0.0 to 8.6.0
Vrealize Suite Lifecycle Manager
From 8.0 to 8.2

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

Source: security@vmware.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.