VMware patches critical vRealize Operations platform vulnerabilities | ZDNet
VMware patches critical vRealize Operations platform vulnerabilities
Administrator credentials could be stolen by exploiting the bugs.
Charlie Osborne
By Charlie Osborne for Zero Day | March 31, 2021 -- 11:07 GMT (12:07 BST) | Topic: Security
VMware has patched a pair of severe vulnerabilities that could lead to the theft of administrator credentials in vRealize.
SECURITY
Microsoft: Firmware attacks are on the rise and you aren't worrying about them enough
Cyber security 101: Protect your privacy from hackers, spies, and the government
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for two-factor authentication
Why some governments are getting cyber crime gangs to do their hacking for them (ZDNet YouTube)
vRealize Operations is described as an artificial intelligence (AI)-based platform that provides "self-driving IT operations management for private, hybrid, and multi-cloud environments."
On Tuesday, the software vendor published a security advisory for the security flaws which impact VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
The vulnerabilities were reported privately to VMware by Positive Technologies penetration tester Egor Dimitrenko.
The first vulnerability, tracked as CVE-2021-21975, is a server-side request forgery (SSRF) bug with a CVSS score of 8.6 out of 10.
Found in the vRealize Operations Manager API, the security flaw permits threat actors with network access to perform SSRF attacks and steal administrator credentials.
The second bug, CVE-2021-21983, was also discovered by Dimitrenko in the same API. This arbitrary write vulnerability, issued a severity score of 7.2, does require an attacker to be authenticated and have network access to exploit.
If these conditions are met, however -- such as by triggering the first vulnerability to steal the necessary credentials -- this permits attackers to "write files to arbitrary locations on the underlying photon operating system," according to VMware.
Patches have been issued for the vulnerabilities, which impact vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0 on any type of operating system deployment. The security flaws also impact VMware Cloud Foundation versions 3x and 4x, alongside vRealize Suite Lifecycle Manager 8x.
VMware has provided security patches and workarounds for IT administrators who are unable to immediately apply the fixes.
Administrator credentials could be stolen by exploiting the bugs.
Charlie Osborne
By Charlie Osborne for Zero Day | March 31, 2021 -- 11:07 GMT (12:07 BST) | Topic: Security
VMware has patched a pair of severe vulnerabilities that could lead to the theft of administrator credentials in vRealize.
SECURITY
Microsoft: Firmware attacks are on the rise and you aren't worrying about them enough
Cyber security 101: Protect your privacy from hackers, spies, and the government
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for two-factor authentication
Why some governments are getting cyber crime gangs to do their hacking for them (ZDNet YouTube)
vRealize Operations is described as an artificial intelligence (AI)-based platform that provides "self-driving IT operations management for private, hybrid, and multi-cloud environments."
On Tuesday, the software vendor published a security advisory for the security flaws which impact VMware vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
The vulnerabilities were reported privately to VMware by Positive Technologies penetration tester Egor Dimitrenko.
The first vulnerability, tracked as CVE-2021-21975, is a server-side request forgery (SSRF) bug with a CVSS score of 8.6 out of 10.
Found in the vRealize Operations Manager API, the security flaw permits threat actors with network access to perform SSRF attacks and steal administrator credentials.
The second bug, CVE-2021-21983, was also discovered by Dimitrenko in the same API. This arbitrary write vulnerability, issued a severity score of 7.2, does require an attacker to be authenticated and have network access to exploit.
If these conditions are met, however -- such as by triggering the first vulnerability to steal the necessary credentials -- this permits attackers to "write files to arbitrary locations on the underlying photon operating system," according to VMware.
Patches have been issued for the vulnerabilities, which impact vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0 on any type of operating system deployment. The security flaws also impact VMware Cloud Foundation versions 3x and 4x, alongside vRealize Suite Lifecycle Manager 8x.
VMware has provided security patches and workarounds for IT administrators who are unable to immediately apply the fixes.
