VMware published a security alert on Tuesday, March 30th, outlining two separate severe vulnerabilities in its vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager software. The vulnerabilities were reported to VMware by Egor Dimitrenko, a Positive Technologies penetration tester. The first vulnerability is tracked as CVE-2021-21975 and received a CVSS score of 8.6 out of 10. It is a Server-Side Request Forgery (SSRF) vulnerability in the vRealize Operations Manager API that permits threat actors with network access to perform SSRF attacks and steal administrator credentials. The second bug is tracked as CVE-2021-21983 and received a CVSS score of 7.2 out of 10. Exploiting this arbitrary write vulnerability requires an attacker to be authenticated and to have network access.