VMware has patched a pair of vulnerabilities that could have given attackers access to admin credentials and file writing access.
The company stated that the first vulnerability, CVE-2021-21975, could allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal admin credentials.
VMware evaluated the danger of the issue and decided it was an “important” severity with a maximum CVSS base score of 8.5. CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities and is marked between 0 and 10, with 10 being critical.
vRealize is the company’s AI-powered platform that delivers “self-driving IT operations management for private, hybrid and multi-cloud environments.”
The second vulnerability, CVE-2021-21983, meant that an authenticated malicious actor with network access to the vRealize Operations Manager API could write files to arbitrary locations on the underlying photon operating system. VMware evaluated the issue to be of an “important” severity as well and gave it a CVSSv3 base score of 7.2.
The company published a security advisory on Tuesday to inform customers of the two vulnerabilities, of which both were reported by Egor Dimitrenko of Positive Technologies. The products impacted are the VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
A month ago it emerged that ransomware operators were exploiting VMware ESXi flaws by retooling their strains to exploit vulnerabilities. The flaws, which were patched by the company, included allowing hackers to execute commands on the underlying operating systems that hosts the VCenter Server.
In February, security researchers warned of two ESXi hypervisor flaws that ransomware gangs were using to encrypt virtual hard drives. Hackers reportedly encrypted 1,000 VMs at Brazil’s Superior Tribunal de Justicia, whereas other victims suffered as their VMs were shut down and datastores encrypted and left with a ransom note.
-
Marc Benioff’s agentic AI gambit is paying dividendsAnalysis Agentforce is dominating the agenda at Salesforce – and it appears to be working
-
Enterprises are worried about agentic AI security risks – Gartner says the answer is just adding more AI agentsNews Not content with deploying agents for frontline operations, some enterprises might double down with ‘guardian agents’ to monitor their bot-based workforces
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Threat actors are exploiting a VMware ESXi bug which could be “catastrophic” for affected firmsNews The VMware ESXi hypervisor has become a favorite target in the digital extortion community, according to researchers
-
Everything you need to know about the VMware vCenter Server vulnerabilityNews A critical flaw in the VMware vCenter Server management software has been exploited in the wild by a Chinese hacking group since late 2021
-
VMware Aria: CISA warns customers to immediately patch productsNews The disclosure marks the third critical vulnerability in as many months for VMware
-
VMware’s ESXi security issues spur new ransomware gang into actionNews The popularity of ESXi combined with a lack of security tools makes it an “attractive target” for threat actors
-
Warning issued over ransomware attacks targeting VMware ESXi servers globallyNews Businesses have been urged to patch the two-year-old vulnerability amidst heightened ransomware threats
-
Linux-based Cheerscrypt ransomware found targeting VMware ESXi serversNews Cheerscrypt malware could cause severe disruption to companies using the virtualisation software
-
US security agency issues emergency alert over vulnerable VMware productsNews A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government systems
