CVE-2021-22023

Summary

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

Affected Software

VendorProductVersion RangeStatus
n/aVMware vRealize OperationsVMware vRealize Operations (8.x prior to 8.5)affected

Weaknesses

  • Insecure direct object reference vulnerability

ADP Enrichment

CVE Program Container

Additional References

References