3a. Arbitrary file read vulnerability in vRealize Operations Manager API (CVE-2021-22022)
The vRealize Operations Manager API contains an arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
3b. Insecure direct object reference vulnerability in vRealize Operations Manager API (CVE-2021-22023)
The vRealize Operations Manager API has insecure object reference vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.
3c. Arbitrary log-file read vulnerability in vRealize Operations Manager API (CVE-2021-22024)
The vRealize Operations Manager API contains an arbitrary log-file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
3d. Broken access control vulnerability in vRealize Operations Manager API (CVE-2021-22025)
The vRealize Operations Manager API contains a broken access control vulnerability leading to unauthenticated API access. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
3e. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-22026, CVE-2021-22027)
The vRealize Operations Manager API contains a Server Side Request Forgery in multiple end points. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22027
kb.vmware.com/s/article/85378
kb.vmware.com/s/article/85379
kb.vmware.com/s/article/85380
kb.vmware.com/s/article/85381
kb.vmware.com/s/article/85382
kb.vmware.com/s/article/85383
kb.vmware.com/s/article/85452
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N