VMware patches critical flaws in vRealize AI platform

The two vulnerabilities could have given attackers access to admin credentials and file writing access

VMware has patched a pair of vulnerabilities that could have given attackers access to admin credentials and file writing access.

The company stated that the first vulnerability, CVE-2021-21975, could allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal admin credentials

VMware evaluated the danger of the issue and decided it was an “important” severity with a maximum CVSS base score of 8.5. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities and is marked between 0 and 10, with 10 being critical.

vRealize is the company’s AI-powered platform that delivers “self-driving IT operations management for private, hybrid and multi-cloud environments.”

The second vulnerability, CVE-2021-21983, meant that an authenticated malicious actor with network access to the vRealize Operations Manager API could write files to arbitrary locations on the underlying photon operating system. VMware evaluated the issue to be of an “important” severity as well and gave it a CVSSv3 base score of 7.2.

The company published a security advisory on Tuesday to inform customers of the two vulnerabilities, of which both were reported by Egor Dimitrenko of Positive Technologies. The products impacted are the VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

A month ago it emerged that ransomware operators were exploiting VMware ESXi flaws by retooling their strains to exploit vulnerabilities. The flaws, which were patched by the company, included allowing hackers to execute commands on the underlying operating systems that hosts the VCenter Server.

In February, security researchers warned of two ESXi hypervisor flaws that ransomware gangs were using to encrypt virtual hard drives. Hackers reportedly encrypted 1,000 VMs at Brazil’s Superior Tribunal de Justicia, whereas other victims suffered as their VMs were shut down and datastores encrypted and left with a ransom note.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021