VMware fixes bug allowing attackers to steal admin credentials
2021-03-30 18:01

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.

vRealize Operations is an AI-powered, "self-driving" IT operations management platform for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.

The privately reported vulnerability, tracked as CVE-2021-21975, is caused by a Server Side Request Forgery bug in the vRealize Operations Manager API. Attackers can exploit the vulnerability remotely, in low-complexity attacks that require neither authentication nor user interaction, to steal administrative credentials.

VMware rated the security flaw as high severity, giving it a base score of 8.6 out of 10.

VMware has also published workaround instructions for admins who don't want to or can't immediately patch servers running vulnerable vRealize Operations versions.

VMware today also fixed a second high-severity vulnerability in the vRealize Operations Manager API, one that allows authenticated attackers to remotely "Write files to arbitrary locations on the underlying photon operating system."


News URL

https://www.bleepingcomputer.com/news/security/vmware-fixes-bug-allowing-attackers-to-steal-admin-credentials/

Related Vulnerability

DATE: 2021-03-31
CVE: CVE-2021-21975
VULNERABILITY TITLE: Server-Side Request Forgery (SSRF) vulnerability in VMware products
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials.
network, low complexity, vmware, CWE-918
RISK: 7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591