VMware vRealize SSRF & Arbitrary File Write Vulnerability Alert

On March 30, 2021, VMware issued security advisory VMSA-2021-0004 covering two vulnerabilities in VMware vRealize, tracked as CVE-2021-21975 and CVE-2021-21983. It is worth noting that the two vulnerabilities can be chained to achieve remote code execution without authentication.
VMWare vRealize Vulnerability

Vulnerability Detail

  • CVE-2021-21975: Server-Side Request Forgery in the vRealize Operations Manager API
    A malicious actor with network access to the vRealize Operations Manager API can perform a Server-Side Request Forgery attack to steal administrative credentials.
  • CVE-2021-21983: Arbitrary file write vulnerability in the vRealize Operations Manager API
    An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon OS.

Affected versions

  • vRealize Operations Manager: 8.0.0, 8.0.1, 8.3.0, 8.1.0, 8.1.1, 8.2.0, 7.5.0
  • VMware Cloud Foundation (vROps): 4.x, 3.x
  • vRealize Suite Lifecycle Manager (vROps): 8.x
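The first thing an administrator wants from an alert like this is to know which of their own appliances fall into the affected list. The following is an added example, not code from the alert or from VMware: it encodes the three affected-version lists exactly as given above, handles both exact versions and "8.x"-style wildcards, and classifies a constructed inventory (hostnames, the trailing build number and the "unknown" version string are made up for the example). Absence from the list is reported as "not-listed", not as safe, and unparseable or unrecognized entries are surfaced rather than silently skipped.

```python
import re

# Affected versions as listed in this alert (VMSA-2021-0004). "x" is a wildcard
# for any value of that component and every component after it.
AFFECTED_VERSIONS = {
    "vRealize Operations Manager": ["8.0.0", "8.0.1", "8.3.0", "8.1.0", "8.1.1", "8.2.0", "7.5.0"],
    "VMware Cloud Foundation (vROps)": ["4.x", "3.x"],
    "vRealize Suite Lifecycle Manager (vROps)": ["8.x"],
}

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the numeric components of a version string as a tuple of ints.

    Accepts forms such as '8.1.1', 'v8.1.1' or '8.1.1.16286777' (a trailing
    build number, as constructed in the sample below); raises ValueError otherwise.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_matches(version, pattern):
    """True if `version` falls under `pattern` (an exact '8.1.1' or a wildcard '8.x')."""
    components = parse_version(version)
    for i, expected in enumerate(pattern.split(".")):
        if expected == "x":
            return True  # wildcard: everything from this component on matches
        if i >= len(components) or components[i] != int(expected):
            return False
    return True  # every listed component matched; extra trailing components (build) are ignored


def is_affected(product, version):
    """Classify one (product, version) pair against the alert's affected lists.

    Returns a (status, matched_pattern) pair. Status is one of 'affected',
    'not-listed', 'unknown-product' or 'unparseable'. 'not-listed' means only that
    the version is absent from the alert's list, not that it has been verified safe.
    """
    patterns = AFFECTED_VERSIONS.get(product)
    if patterns is None:
        return "unknown-product", None
    try:
        for pattern in patterns:
            if version_matches(version, pattern):
                return "affected", pattern
    except ValueError:
        return "unparseable", None
    return "not-listed", None


# Constructed sample inventory: hostnames and version strings are made up for this example.
SAMPLE_INVENTORY = [
    {"host": "vrops-01.example.test", "product": "vRealize Operations Manager", "version": "8.1.1.16286777"},
    {"host": "vrops-02.example.test", "product": "vRealize Operations Manager", "version": "8.4.0"},
    {"host": "vcf-01.example.test", "product": "VMware Cloud Foundation (vROps)", "version": "4.2"},
    {"host": "vrslcm-01.example.test", "product": "vRealize Suite Lifecycle Manager (vROps)", "version": "unknown"},
]


def assess_inventory(inventory):
    """Return every host that needs a human look: affected, unparseable or unknown product."""
    needs_action = []
    for item in inventory:
        status, pattern = is_affected(item["product"], item["version"])
        if status != "not-listed":
            needs_action.append({**item, "status": status, "matched": pattern})
    return needs_action


if __name__ == "__main__":
    for entry in assess_inventory(SAMPLE_INVENTORY):
        print(f'{entry["host"]}: {entry["status"]} ({entry["matched"] or "-"}) -> review against VMSA-2021-0004')
```

Feed `assess_inventory` the product and version strings from your own asset inventory; a match on an exact version still matches when the appliance reports an additional build suffix, and an entry that cannot be parsed is reported rather than dropped, since a blank or malformed version field is exactly the host most likely to have been forgotten.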

Solution

We recommend that users upgrade vRealize to the latest version as soon as possible.