Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution

By ISBuzz Team
Writer, Information Security Buzz | Mar 31, 2021 05:05 am PST

In response to VMware publishing details of two newly disclosed vulnerabilities in VMware vRealize Operations, an expert commented below.

Satnam Narang, Senior Research Engineer
March 31, 2021 1:25 pm

Researchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials.

VMware also patched CVE-2021-21983, an arbitrary file write vulnerability in the vROPs Manager API, which can be used to write files to the underlying operating system. This vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw.

On their own, these vulnerabilities may not seem as severe as CVE-2021-21972 (https://www.tenable.com/blog/cve-2021-21972-vmware-vcenter-server-remote-code-execution-vulnerability), a remote code execution vulnerability in VMware’s vCenter Server that was patched in February. However, if attackers chain both CVE-2021-21975 and CVE-2021-21983 together, they could also gain remote code execution privileges.

VMware has provided patches for both flaws across vROPs Manager versions 7.5.0 through 8.3.0. They’ve also provided a temporary workaround to prevent attackers from exploiting these flaws. The workaround should only be used as a temporary stop-gap until organizations are able to plan for applying the patches.
