PT-2021-7283 · VMware · VMware vRealize Orchestrator

Marek Takáč · Published 2021-10-12 · Updated 2021-10-20 · CVE-2021-22036

CVSS v2.0

7.1 High

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VMware vRealize Orchestrator versions 8.x prior to 8.6

Description

An open redirect vulnerability caused by improper path handling may allow a malicious actor to redirect victims to an attacker-controlled domain, potentially leading to sensitive information disclosure.

Recommendations

Update vRealize Orchestrator 8.x installations prior to 8.6 to version 8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and monitoring for suspicious redirects.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2022-05137
CVE-2021-22036

Affected Products

VMware vRealize Orchestrator