VMware Security Advisory

VMSA-2021-0004 – vRealize Operations Manager Vulnerabilities

VMware has released a new security advisory VMSA-2021-0004: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983).

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one critical issue and one important issue.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2021-21975 to the server side request forgery vulnerability in vRealize Operations Manager API and CVE-2021-21983 to the arbitrary file write vulnerability in vRealize Operations Manager API.

A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon operating system.

Read More
VMware Security Advisory

VMSA-2020-0009 – VMware vRealize Operations Manager Vulnerability

Updated on 16 May 2020 with fixed versions of vRealize Operations.

VMware has released a new security advisory VMSA-2020-0009: VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities.

Two vulnerabilities were disclosed in Salt, an open source project by SaltStack, which is used by VMware vRealize Operations Manager. This advisory documents the remediation of one critical and one important issues. The Application Remote Collector (ARC) introduced with vRealize Operations Manager 7.5 utilizes Salt and as such presents two vulnerabilities, one authentication bypass and one directory traversal.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-11651 to the authentication bypass vulnerability and CVE-2020-11652 to the directory traversal.

A malicious actor with network access to port 4505 or 4506 on the ARC may take control of the ARC and any Virtual Machines the ARC may have deployed a Telegraf agent to. For the second vulnerability, a malicious actor with network access to port 4505 or 4506 on the ARC may access the entirety of the ARC filesystem.

Read More