Input validation error in VMware, Inc products - CVE-2021-22023
Published: August 25, 2021
Vulnerability identifier: #VU56082
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-22023
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
Detailed vulnerability description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to insecure direct object reference issue. A remote administrator can modify other users information leading to an account takeover.
How to mitigate CVE-2021-22023
Install updates from vendor's website.