Security News > 2021 > April > VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found.
There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.
VMware vRealize Operations vulnerabilities could lead to RCE. VMware vRealize Operations is a unified, AI-powered platform for IT operations management for private, hybrid, and multi-cloud environments.
It is available on premises and as SaaS. Both vulnerabilities are in the vRealize Operations Manager API. CVE-2021-21975 is a Server Side Request Forgery flaw that could be exploited remotely by an unauthenticated attacker to steal administrative credentials, and CVE-2021-21983 is an arbitrary file write vulnerability that could allow an authenticated remote attacker to write files to arbitrary locations on the underlying operating system.
The vulnerabilities are present in vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0, and also impact VMware Cloud Foundation versions 3.x and 4.x and vRealize Suite Lifecycle Manager v8.
Security researcher Egor Dimitrenko of Positive Technologies has been credited with discovering and reporting the vulnerabilities to VMware.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/BdXreyOvnec/
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | 7.5 |
| 2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMWare products Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | 6.5 |