Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware fixed flaws in vROps that can be chained to compromise organizations

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform. Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 […]

VMware vROps

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks

The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform.

Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 and an arbitrary file write issue tracked as CVE-2021-21983.

The CVE-2021-21975 is a Server Side Request Forgery in vRealize Operations Manager API rated as “Important’ severity which received a CVSSv3 base score of 8.6.

The flaw can be exploited by an attacker with network access to the vRealize Operations Manager API to perform to steal administrative credentials.

The CVE-2021-21983 vulnerability is an arbitrary file write vulnerability that affects in vRealize Operations Manager API that was evaluated as ‘Important’ severity with a CVSSv3 base score of 7.2.

The flaw can be exploited by an authenticated attacker with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system.

The two vulnerabilities could be chained by a remote attacker to execute arbitrary code on a server giving and carry out multiple attacks on a company’s infrastructure.

“On March 30, Positive Technologies published a tweet highlighting the vulnerabilities discovered by Dimitrenko. The tweet disclosed a further risk to unpatched systems in which attackers could achieve unauthenticated RCE on vulnerable systems by chaining both CVE-2021-21975 and CVE-2021-21983 together.” reported Tenable. “No details have been shared publicly as to how this can be achieved, but we anticipate researchers or threat actors to develop a proof-of-concept (PoC) exploit in the near future.”

VMware released the following updates for vRealize Operations to fix the above flaws:

Affected ProductVulnerable VersionFixed VersionKB Article
vRealize Operations Manager8.3.0vROps-8.3.0-HF3KB83210
vRealize Operations Manager8.2.0vROps-8.2.0-HF4KB83095
vRealize Operations Manager8.1.1, 8.1.0vROps-8.1.1-HF6KB83094
vRealize Operations Manager8.0.1, 8.0.0vROps-8.0.1-HF7KB83093
vRealize Operations Manager7.5.0vROps-7.5.0-HF14KB82367

The virtualization giant has also provided workaround instructions for CVE-2021-21975 and CVE-2021-21983 that involve modifying the casa-security-context.xml file and restarting the Cluster Analytic (CaSA) service.

Experts urge organizations using vROps to install security patches to address the above vulnerabilities as soon as possible to mitigate the risk of cyber attacks exploiting them.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

[adrotate banner=”5″]

[adrotate banner=”13″]