VMware patches critical flaws in vRealize AI platform
The two vulnerabilities could have given attackers access to admin credentials and file writing access


VMware has patched a pair of vulnerabilities that could have given attackers access to admin credentials and file writing access.
The company stated that the first vulnerability, CVE-2021-21975, could allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal admin credentials.
VMware evaluated the danger of the issue and decided it was an “important” severity with a maximum CVSS base score of 8.5. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities and is marked between 0 and 10, with 10 being critical.
vRealize is the company’s AI-powered platform that delivers “self-driving IT operations management for private, hybrid and multi-cloud environments.”
The second vulnerability, CVE-2021-21983, meant that an authenticated malicious actor with network access to the vRealize Operations Manager API could write files to arbitrary locations on the underlying photon operating system. VMware evaluated the issue to be of an “important” severity as well and gave it a CVSSv3 base score of 7.2.
The company published a security advisory on Tuesday to inform customers of the two vulnerabilities, of which both were reported by Egor Dimitrenko of Positive Technologies. The products impacted are the VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
A month ago it emerged that ransomware operators were exploiting VMware ESXi flaws by retooling their strains to exploit vulnerabilities. The flaws, which were patched by the company, included allowing hackers to execute commands on the underlying operating systems that hosts the VCenter Server.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In February, security researchers warned of two ESXi hypervisor flaws that ransomware gangs were using to encrypt virtual hard drives. Hackers reportedly encrypted 1,000 VMs at Brazil’s Superior Tribunal de Justicia, whereas other victims suffered as their VMs were shut down and datastores encrypted and left with a ransom note.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
Why Microsoft thinks diversity will keep security workers relevant in the age of agentic AI
News Improved AI skills and a greater focus on ensuring agents are secure at point of deployment will be key for staying ahead of attackers
By Rory Bathgate
-
Microsoft: get used to working with AI-powered "digital colleagues"
News Tech giant's report suggests we should get ready to work with AI, revealing future trends for the workplace
By Nicole Kobie
-
Broadcom issues urgent alert over three VMware zero-days
News The firm says it has information to suggest all three are being exploited in the wild
By Solomon Klappholz
-
Threat actors are exploiting a VMware ESXi bug which could be “catastrophic” for affected firms
News The VMware ESXi hypervisor has become a favorite target in the digital extortion community, according to researchers
By Solomon Klappholz
-
Everything you need to know about the VMware vCenter Server vulnerability
News A critical flaw in the VMware vCenter Server management software has been exploited in the wild by a Chinese hacking group since late 2021
By Solomon Klappholz
-
VMware Aria: CISA warns customers to immediately patch products
News The disclosure marks the third critical vulnerability in as many months for VMware
By Ross Kelly
-
VMware’s ESXi security issues spur new ransomware gang into action
News The popularity of ESXi combined with a lack of security tools makes it an “attractive target” for threat actors
By Ross Kelly
-
Warning issued over ransomware attacks targeting VMware ESXi servers globally
News Businesses have been urged to patch the two-year-old vulnerability amidst heightened ransomware threats
By Ross Kelly
-
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
News Cheerscrypt malware could cause severe disruption to companies using the virtualisation software
By Rene Millman
-
US security agency issues emergency alert over vulnerable VMware products
News A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government systems
By Connor Jones