Insecure Object Reference Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Account Takeover

Insecure Object Reference Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Account Takeover

CVE-2021-22023 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover.

Learn more about our Api Penetration Testing.