If an attacker has access to the same network from which the vulnerable VMWare servers accept incoming requests, they would be able to exploit CVE-2021-21975 and attempt to steal administrator credentials. Once stolen, they could then use those credentials to “write files to arbitrary locations on the underlying photon operating system.” That’s why it is always best to limit direct access to servers and not permit open access from the Internet unless necessary. Patches have been issued for the vulnerabilities, which impact vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0 on any type of operating system deployment. The flaws also affect VMware Cloud Foundation versions 3x and 4x, alongside vRealize Suite Lifecycle Manager 8x. Binary Defense recommends updating and patching critical servers as soon as possible after security patches are released. VMware has provided work-around mitigation information for IT administrators that are unable to update their systems immediately. Those can be found here: https://kb.vmware.com/s/article/83210. Patch information can be found here: https://kb.vmware.com/s/article/83265.

Source:
https://www.zdnet.com/article/vmware-patches-critical-vrealize-operations-vulnerabilities/