VMWare vRealize SSRF & Arbitrary File Write Vulnerability Alert
- CVE-2021-21975: Server Side Request Forgery in vRealize Operations Manager API
A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
- CVE-2021-21983: Arbitrary file write vulnerability in vRealize Operations Manager API
An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.
- vRealize Operations Manager: 8.0.0, 8.0.1, 8.3.0, 8.1.0, 8.1.1, 8.2.0, 7.5.0
- VMware Cloud Foundation (vROps): 4.x 3.x
- vRealize Suite Lifecycle Manager (vROps): 8.x