VMware vRealize Operations Manager SSRF & Arbitrary File Write Vulnerability Alert
On March 30, 2021, VMware published security advisory VMSA-2021-0004, covering two vulnerabilities in vRealize Operations Manager (vROps): CVE-2021-21975 and CVE-2021-21983. It is worth noting that the two can be chained. The SSRF can be used to obtain administrative credentials, which satisfy the authentication requirement of the arbitrary file write, so together they allow remote code execution without prior authentication.
Vulnerability Detail
- CVE-2021-21975: Server Side Request Forgery in the vRealize Operations Manager API (CVSSv3 base score 8.6)
A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. No authentication is required.
- CVE-2021-21983: Arbitrary file write in the vRealize Operations Manager API (CVSSv3 base score 7.2)
An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon OS, which is what turns the chain into code execution on the appliance.
Affected versions
- vRealize Operations Manager: 8.3.0, 8.2.0, 8.1.1, 8.1.0, 8.0.1, 8.0.0, 7.5.0
- VMware Cloud Foundation (vROps component): 4.x, 3.x
- vRealize Suite Lifecycle Manager (vROps component): 8.x
Solution
We recommend that users apply the fixed versions or security patches listed in VMSA-2021-0004 for their vROps, Cloud Foundation or vRealize Suite Lifecycle Manager release as soon as possible. For deployments that cannot be patched immediately, VMware has published a workaround in knowledge base article KB83210. Because CVE-2021-21975 needs only network access to the API, the vRealize Operations Manager API should in any case be reachable only from trusted management networks, not from user segments or the Internet. Note that upgrading vROps as a whole, rather than applying the patch for the installed version, may be a larger change than is needed to close these two issues.