VMware security teams announced the release of security patches to fix a severe flaw in vRealize Operations that, if exploited, would allow threat actors to steal administrator credentials on vulnerable servers.
vRealize Operations is an AI-powered, “self-driving” IT operations management platform for private, hybrid, and cloud environments.
Impacted Products
- VMware vRealize Operations
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975)
The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of ‘Important’ severity with a maximum CVSSv3 base score of 8.6.
A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983)
The vRealize Operations Manager API contains an arbitrary file write vulnerability. VMware has evaluated this issue to be of ‘Important’ severity with a maximum CVSSv3 base score of 7.2.
An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon operating system.
Security Patches for vRealize Operations Are Available
- vRealize Operations 7.5.0 Security Patch
- vRealize Operations 8.0.1/8.0.0 Security Patch
- vRealize Operations 8.1.1/8.1.0 Security Patch
- vRealize Operations 8.2.0 Security Patch
- vRealize Operations 8.3.0 Security Patch
Workaround Available
VMware has published workaround instructions for admins who don’t want to or can’t immediately patch servers running vulnerable vRealize Operations versions.
The company clarifies that there is no impact after applying the workaround measures and that no functionality will be affected.
To work around this issue, you will have to remove a configuration line from the casa-security-context.xml file and restart the CaSA service on the affected device.