Vmware · Vmware Vrealize Orchestrator · CVE-2021-22036
**Name of the Vulnerable Software and Affected Versions**
VMware vRealize Orchestrator versions 8.x prior to 8.6
**Description**
The issue is related to improper path handling, which may allow a malicious actor to redirect victims to an attacker-controlled domain, potentially leading to sensitive information disclosure. This is due to an open redirect vulnerability in the platform.
**Recommendations**
For versions 8.x prior to 8.6, update to version 8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and monitoring for suspicious redirects.