Improper access control in VMware, Inc products - CVE-2021-22025
Published: August 25, 2021
Vulnerability identifier: #VU56084
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-22025
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
VMware vRealize Operations Manager (vROps)
VMware Cloud Foundation (vROps)
vRealize Suite Lifecycle Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can add new nodes to existing vROps cluster.
How to mitigate CVE-2021-22025
Install updates from vendor's website.