VMware vRealize Operations updates address multiple security vulnerabilities (CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027)

3a. Arbitrary file read vulnerability in vRealize Operations Manager API (CVE-2021-22022)

The vRealize Operations Manager API contains an arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

3b. Insecure direct object reference vulnerability in vRealize Operations Manager API (CVE-2021-22023)

The vRealize Operations Manager API has insecure object reference vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.

3c. Arbitrary log-file read vulnerability in vRealize Operations Manager API (CVE-2021-22024)

The vRealize Operations Manager API contains an arbitrary log-file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

3d. Broken access control vulnerability in vRealize Operations Manager API (CVE-2021-22025)

The vRealize Operations Manager API contains a broken access control vulnerability leading to unauthenticated API access. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.

3e. Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-22026, CVE-2021-22027)

The vRealize Operations Manager API contains a Server Side Request Forgery in multiple end points. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.