Moderate
1. Impacted Products
- VMware vRealize Orchestrator
- VMware vRealize Automation
- VMware Cloud Foundation (Cloud Foundation)
2. Introduction
An open redirect vulnerability in VMware vRealize Orchestrator was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. VMware vRealize Orchestrator update addresses open redirect vulnerability (CVE-2021-22036)
Description
VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
Known Attack Vectors
A malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling in vRealize Orchestrator, leading to sensitive information disclosure.
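The fix for this class of bug is to stop treating a user-supplied redirect target as a trusted path. The following validator is an added example, not VMware's code and not the vRealize Orchestrator patch: it accepts a redirect target only as an absolute path on the current origin and rejects the forms a browser would resolve to another host (absolute URLs, protocol-relative and backslash variants, leading-slash runs, embedded control characters). The function name and the sample inputs are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

def safe_local_redirect(target: str, default: str = "/") -> str:
    """Return `target` if it is a same-origin absolute path, else `default`.

    Hypothetical helper for a login/return-to style redirect. It never
    rewrites a bad value into a "good" one; it falls back to `default`.
    """
    if not target:
        return default
    # Browsers normalise '\' to '/' in URLs, so '/\host' means '//host'.
    t = target.replace("\\", "/")
    # Tabs, newlines, spaces and other controls are used to smuggle a
    # host past naive prefix checks; a legitimate path never needs them.
    if any(ord(ch) < 0x21 or ch == "\x7f" for ch in t):
        return default
    parts = urlsplit(t)
    # Any scheme ('https:', 'javascript:') or authority ('//host') is
    # off-origin by definition.
    if parts.scheme or parts.netloc:
        return default
    # Two or more leading slashes ('///host') are collapsed by browsers
    # into an authority, which urlsplit does not report as netloc.
    if t.startswith("//"):
        return default
    # Require an absolute path; bare relative paths are ambiguous.
    if not parts.path.startswith("/"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    # Constructed inputs: one legitimate target and several off-origin forms.
    for sample in ("/dashboard?tab=1", "//evil.example/", "///evil.example",
                   "/\\evil.example", "https://evil.example/", "/\t/evil.example"):
        print(repr(sample), "->", safe_local_redirect(sample))
```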
Resolution
To remediate CVE-2021-22036, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
VMware vRealize Automation 8.x is affected since it uses embedded vRealize Orchestrator.
Acknowledgements
VMware would like to thank Marek Takáč of Citadelo for reporting this vulnerability to us.
Response Matrix
Impacted Product Suites that Deploy Response Matrix Components:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Cloud Foundation (vRealize Automation) | 4.x | Any | CVE-2021-22036 | 6.5 | Moderate | Patch Planned | None | None |
4. References
Fixed Version(s) and Release Notes:
VMware vRealize Orchestrator 8.6.0
Downloads and Documentation:
VMware vRealize Automation 8.6.0
Downloads and Documentation:
https://customerconnect.vmware.com/downloads/details?downloadGroup=VRA-860&productId=1206&rPId=75320
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22036
FIRST CVSSv3 Calculator:
CVE-2021-22036: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5. Change Log
2021-10-12 VMSA-2021-0023
Initial security advisory.
2021-10-13 VMSA-2021-0023.1
Added VMware vRealize Automation 8.x to the Response Matrix section, as it uses embedded vRealize Orchestrator.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
E-mail: security@vmware.com
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2021 VMware Inc. All rights reserved.