PT-2021-4209 · VMware · vRealize Operations Manager API

Egor Dimitrenko · Published 2021-08-24 · Updated 2022-02-01 · CVE-2021-22023

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

vRealize Operations Manager API versions 8.x prior to 8.5
Description

The vRealize Operations Manager API contains an insecure direct object reference (IDOR): an object identifier supplied in a request is acted on without an adequate authorization check. An attacker who already holds administrative access to the API (hence PR:H in the vector) can use this to modify other users' account information, which can lead to account takeover. The advisory additionally notes insufficient validation of incoming requests, which could allow a remote attacker to disclose protected information.
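The following is an added, generic illustration of the weakness class the advisory tags (an IDOR in a user-modification API) beside a hardened form. It is not code from vRealize Operations Manager or from the advisory author; the page does not describe the actual vulnerable endpoint or the vendor's fix, and the handler names, field names, role names and user records below are constructed assumptions.

```python
# Added illustration of an IDOR in a user-update handler and a hardened form.
# Not vRealize Operations Manager code: handler names, fields, roles and the
# user records are constructed for this example.
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


class Forbidden(Exception):
    """Raised when the caller may not perform the requested modification."""


@dataclass
class User:
    user_id: int
    username: str
    email: str
    password_hash: str
    roles: Set[str] = field(default_factory=set)


def make_users() -> Dict[int, User]:
    """Constructed sample user store standing in for the product's database."""
    return {
        1: User(1, "admin", "admin@example.invalid", "hash-admin", {"Administrator"}),
        2: User(2, "alice", "alice@example.invalid", "hash-alice", {"ReadOnly"}),
        3: User(3, "svc-backup", "backup@example.invalid", "hash-svc", {"ReadOnly"}),
    }


# Attributes that the generic profile update may touch. Credentials and role
# assignments are deliberately absent: they belong to separately authorised flows.
PROFILE_FIELDS = {"email"}


def update_user_vulnerable(users: Dict[int, User], session_user_id: int,
                           target_user_id: int, changes: Dict[str, str]) -> User:
    """Vulnerable handler: it authenticates the caller but takes the object
    reference (target_user_id) straight from the request and applies every
    supplied field. Any authenticated caller can rewrite any account, including
    its password hash, which is the account-takeover outcome the advisory names."""
    if session_user_id not in users:
        raise Forbidden("not authenticated")
    target = users[target_user_id]
    for name, value in changes.items():
        setattr(target, name, value)
    return target


def update_user_hardened(users: Dict[int, User], session_user_id: int,
                         target_user_id: int, changes: Dict[str, str]) -> User:
    """Hardened handler: object-level authorisation is derived from the session
    identity, and the update is limited to an allowlist of profile fields so
    credentials cannot be set through this path."""
    if session_user_id not in users:
        raise Forbidden("not authenticated")
    caller = users[session_user_id]
    # Unknown targets are refused with the same error as unauthorised ones so
    # the endpoint does not double as a user-enumeration oracle.
    target = users.get(target_user_id)
    if target is None:
        raise Forbidden(f"user {session_user_id} may not modify user {target_user_id}")
    # Object-level check: only the account owner or an Administrator may touch
    # another user's record (assumed policy for this illustration).
    if target_user_id != session_user_id and "Administrator" not in caller.roles:
        raise Forbidden(f"user {session_user_id} may not modify user {target_user_id}")
    # Field-level check: reject, rather than silently drop, anything outside the
    # allowlist so attempts show up in logs instead of being quietly ignored.
    disallowed = set(changes) - PROFILE_FIELDS
    if disallowed:
        raise Forbidden(f"fields not modifiable here: {sorted(disallowed)}")
    for name, value in changes.items():
        setattr(target, name, value)
    return target


def try_update(handler: Callable[..., User], users: Dict[int, User],
               session_user_id: int, target_user_id: int,
               changes: Dict[str, str]) -> str:
    """Run a handler and report whether the request was allowed or refused."""
    try:
        handler(users, session_user_id, target_user_id, changes)
        return "allowed"
    except Forbidden as exc:
        return f"forbidden: {exc}"


if __name__ == "__main__":
    store = make_users()
    # A read-only user rewriting a service account's credential.
    print(try_update(update_user_vulnerable, store, 2, 3, {"password_hash": "attacker"}))
    store = make_users()
    print(try_update(update_user_hardened, store, 2, 3, {"password_hash": "attacker"}))
    print(try_update(update_user_hardened, store, 1, 3, {"password_hash": "attacker"}))
```

The two checks are independent on purpose: the role check stops a low-privileged caller from reaching another account at all, and the field allowlist is what still stands between a legitimately privileged caller and another user's credentials, which is the position the advisory's administrative attacker is in.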
Recommendations

Update affected 8.x deployments to version 8.5 or later. Until the update is applied, restrict administrative access to the vRealize Operations Manager API (limit which networks can reach the API and keep the set of administrator accounts minimal), since exploitation requires an existing administrative account. Monitor user-account activity and review any modification of one user's account made from another account, which is the pattern this vulnerability produces.

Fix · IDOR · SSRF


Weakness Enumeration

Related Identifiers

BDU:2021-04810
CVE-2021-22023

Affected Products

vRealize Operations Manager API