VMware Fixes Bug Allowing Attackers To Steal Admin Credentials

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.

vRealize Operations is an AI-powered, “self-driving” IT operations management platform for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.

The vulnerability was discovered and reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.

SSRF exploitable by unauthenticated attackers

The privately reported vulnerability, tracked as CVE-2021-21975, is caused by a Server-Side Request Forgery (SSRF) bug in the vRealize Operations Manager API.

Attackers can exploit the vulnerability remotely, without authentication or user interaction, in low-complexity attacks to steal administrative credentials.

VMware rated the security flaw as high severity, giving it a base score of 8.6 out of 10.

Details on how to get the security patch for vRealize Operations are available in the support articles linked below:

Image: PT SWARM

Workaround also available

VMware has also published workaround instructions for admins who don’t want to or can’t immediately patch servers running vulnerable vRealize Operations versions (e.g., there is no patch for their version).

As the company explained, there is no impact after applying the workaround measures and no functionality will be affected.

To work around this issue, you will have to remove a configuration line from the casa-security-context.xml file and restart the CaSA service on the affected device.

Detailed information on how to do that is available in the support articles linked above for each security patch/version.

VMware today also fixed a second high-severity vulnerability in the vRealize Operations Manager API (tracked as CVE-2021-21974) that allows authenticated attackers to remotely “write files to arbitrary locations on the underlying photon operating system.”

When chained together, CVE-2021-21975 and CVE-2021-21983 lead to pre-auth remote code execution (RCE) on unpatched vRealize Operations servers.
