VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)

high Nessus Plugin ID 148255

Synopsis

VMware vRealize Operations running on the remote host is affected by a Server Side Request Forgery and Arbitrary File Write vulnerabilities.

Description

The version of VMware vRealize Operations (vROps) Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple vulnerablities.

- A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side request Forgery attack to steal administrative credentials. (CVE-2021-21975)

- An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.(CVE-2021-21983)

Solution

Upgrade to VMware vRealize Operations Manager version 7.5.0.17771878, 8.0.1.17771851, 8.1.1.17772462, 8.2.0.17771778, 8.3.0.17787340 or later.

See Also

https://www.vmware.com/security/advisories/VMSA-2021-0004.html

Plugin Details

Severity: High

ID: 148255

File Name: vmware_vrealize_operations_manager_VMSA-2021-004.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 3/31/2021

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2021-21983

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-21975

Vulnerability Information

CPE: cpe:/a:vmware:vrealize_operations

Required KB Items: installed_sw/vRealize Operations Manager

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2021

Vulnerability Publication Date: 3/30/2021

CISA Known Exploited Vulnerability Due Dates: 2/1/2022

Exploitable With

Metasploit (VMware vRealize Operations (vROps) Manager SSRF RCE)

Reference Information

CVE: CVE-2021-21975, CVE-2021-21983

VMSA: 2021-0004