Moderate

VMSA-2021-0023.1
6.5
2021-10-12
2021-10-13
CVE-2021-22036
VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)

1. Impacted Products
  • VMware vRealize Orchestrator
  • VMware vRealize Automation
  • VMware Cloud Foundation (Cloud Foundation) 
2. Introduction

An open redirect vulnerability in VMware vRealize Orchestrator was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)

Description

VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

Known Attack Vectors

A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure.

Resolution

To remediate CVE-2021-22036 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

VMware vRealize Automation 8.x is affected since it uses embedded vRealize Orchestrator.

Acknowledgements

VMware would like to thank Marek Takáč of Citadelo for reporting this vulnerability to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware vRealize Orchestrator
8.x
Virtual Appliance
CVE-2021-22036
6.5
moderate
8.6
None
None
VMware vRealize Automation
8.x
Any
CVE-2021-22036
6.5
moderate
8.6
None
None

Impacted Product Suites that Deploy Response Matrix Components:

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Cloud Foundation (vRealize Automation)
4.x
Any
CVE-2021-22036
6.5
moderate
Patch Planned
None
None
4. References

Fixed Version(s) and Release Notes:

VMware vRealize Orchestrator 8.6.0

Downloads and Documentation:

https://customerconnect.vmware.com/downloads/details?downloadGroup=VROVA-860&productId=1206&rPId=75321

https://docs.vmware.com/en/vRealize-Orchestrator/8.6/rn/VMware-vRealize-Orchestrator-86-Release-Notes.html

 

VMware vRealize Automation 8.6.0

Downloads and Documentation:

https://customerconnect.vmware.com/downloads/details?downloadGroup=VRA-860&productId=1206&rPId=75320

https://docs.vmware.com/en/vRealize-Automation/8.6/rn/vmware-vrealize-automation-86-release-notes/index.html

 

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22036

 

FIRST CVSSv3 Calculator:
CVE-2021-22036: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5. Change Log

2021-10-12 VMSA-2021-0023
Initial security advisory.

 

2021-10-13 VMSA-2021-0023.1
Added VMware vRealize Automation 8.x in the Response Matrix section. As it uses embedded vRealize Orchestrator.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2021 VMware Inc. All rights reserved.