Arbitrary Log File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5)

Arbitrary Log File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5)

CVE-2021-22024 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.

Learn more about our Api Penetration Testing.