VMware has patched a pair of severe vulnerabilities that could lead to the theft of administrator credentials in vRealize.
VMware describes vRealize Operations as an artificial intelligence (AI)-based platform that provides “self-driving IT operations management for private, hybrid, and multi-cloud environments.”
On Tuesday, the software vendor published a security advisory for the security flaws which impact VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
The vulnerabilities were reported privately to VMware by Positive Technologies penetration tester Egor Dimitrenko.
The first vulnerability, tracked as CVE-2021-21975, is a server-side request forgery (SSRF) bug with a CVSS score of 8.6 out of 10.
Found in the vRealize Operations Manager API, the security flaw permits threat actors with network access to perform SSRF attacks and steal administrator credentials.
The second bug, CVE-2021-21983, was also discovered by Dimitrenko in the same API. This arbitrary file write vulnerability, assigned a CVSS score of 7.2, requires an attacker to be authenticated and to have network access in order to exploit it.
If these conditions are met, however — such as by triggering the first vulnerability to steal the necessary credentials — this permits attackers to “write files to arbitrary locations on the underlying photon operating system,” according to VMware.
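The SSRF bug matters because a server-side component was persuaded to fetch a URL of the attacker's choosing and return the result, including internal credentials. The usual defensive pattern for any feature that fetches user-supplied URLs is to validate the URL against an allow-list and to reject hosts that resolve to loopback, link-local, or private address space before the request is made. The following is an added example of that check; it is not code from VMware or vRealize, and the allow-listed hostnames, the hypothetical resolver, and the sample DNS table are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list of hosts this service is permitted to fetch from.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"metrics.example.internal", "partner.example.internal"}

# Constructed DNS table standing in for a real resolver so the example runs offline.
# 93.184.216.34 is used here simply as a sample public address;
# 10.0.0.5 is RFC 1918 space, the kind of target an SSRF attempt would aim at.
SAMPLE_DNS = {
    "metrics.example.internal": ["93.184.216.34"],
    "partner.example.internal": ["10.0.0.5"],
}


def sample_resolver(hostname):
    """Hypothetical resolver: return the list of address strings for hostname."""
    return SAMPLE_DNS.get(hostname, [])


def _is_internal(ip):
    """True for any address that should never be reachable via a user-supplied URL."""
    return (
        ip.is_loopback
        or ip.is_private
        or ip.is_link_local
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def validate_outbound_url(url, resolve=sample_resolver):
    """Validate a user-supplied URL before the server fetches it.

    Returns (allowed, reason, pinned_addresses). When allowed, the caller
    should connect to one of pinned_addresses rather than re-resolving the
    hostname, which closes the DNS-rebinding window between check and use.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username or parts.password:
        return False, "userinfo in URL not allowed", []
    host = parts.hostname
    if not host:
        return False, "URL has no host", []
    # Allow-list first: an unknown host is rejected before any lookup happens.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not allow-listed", []
    addresses = resolve(host)
    if not addresses:
        return False, f"host {host!r} did not resolve", []
    pinned = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, f"resolver returned invalid address {addr!r}", []
        # Even an allow-listed name is refused if it points at internal space.
        if _is_internal(ip):
            return False, f"{host!r} resolves to internal address {addr}", []
        pinned.append(str(ip))
    return True, "ok", pinned


if __name__ == "__main__":
    for candidate in (
        "https://metrics.example.internal/api/v1/status",
        "http://metrics.example.internal/api/v1/status",
        "https://127.0.0.1/",
        "https://partner.example.internal/data",
        "https://admin:secret@metrics.example.internal/",
    ):
        allowed, reason, pinned = validate_outbound_url(candidate)
        print(f"{'ALLOW' if allowed else 'DENY '} {candidate} ({reason}) {pinned}")
```

The order of checks is deliberate: scheme and userinfo are rejected cheaply, the allow-list is consulted before any DNS lookup so that arbitrary names never trigger resolution, and the resolved addresses are both screened and returned for pinning so the connection is made to exactly what was checked.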
Patches have been issued for the vulnerabilities, which impact vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0 on any type of operating system deployment. The security flaws also impact VMware Cloud Foundation versions 3.x and 4.x, alongside vRealize Suite Lifecycle Manager 8.x.
VMware has provided security patches and workarounds for IT administrators who are unable to immediately apply the fixes.