Information disclosure in VMware, Inc products - CVE-2021-22024
Published: August 25, 2021
Vulnerability identifier: #VU56083
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-22024
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can read any log file resulting in sensitive information disclosure.
How to mitigate CVE-2021-22024
Install updates from vendor's website.