Security News > 2021 > April > VMware vROps Flaws Can Provide 'Unlimited Opportunities' in Attacks on Companies
A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs.
The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983.
VMware has credited Egor Dimitrenko, a researcher at cybersecurity firm Positive Technologies, for finding the vulnerabilities.
The expert warned that in a real-world attack, the vulnerabilities can give threat actors "unlimited opportunities to carry out further attacks on a company's infrastructure."
VMware has patched the vulnerabilities in all impacted versions of vRealize Operations Manager, as well as in Cloud Foundation and vRealize Suite Lifecycle Manager.
In February, hackers started to scan the internet for VMware vCenter servers affected by a critical vulnerability that was also discovered by researchers at Positive Technologies.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMware products. Server-Side Request Forgery in the vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server-Side Request Forgery attack to steal administrative credentials. | 7.5
2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMware products. Arbitrary file write vulnerability in the vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system. | 6.5