Multiple vulnerabilities in VMware vRealize Operations Manager
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-21975 CVE-2021-21983 |
| CWE-ID | CWE-918 CWE-434 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
VMware vRealize Operations Manager (vROps) Server applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU51807
Risk: Medium
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2021-21975
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the vRealize Operations Manager API. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware vRealize Operations Manager (vROps): 7.5 - 8.3.0
CPE2.3- cpe:2.3:a:vmware:vrealize-operations:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize-operations:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize-operations:8.0.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Arbitrary file upload
EUVDB-ID: #VU51808
Risk: Medium
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2021-21983
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload in vRealize Operations Manager API. A remote privileged user can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware vRealize Operations Manager (vROps): 7.5 - 8.3.0
CPE2.3- cpe:2.3:a:vmware:vrealize-operations:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize-operations:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize-operations:8.0.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
