Security Experts:

Connect with us

Hi, what are you looking for?



VMware vROps Flaws Can Provide ‘Unlimited Opportunities’ in Attacks on Companies

A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations (vROps) product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs.

A couple of serious vulnerabilities patched recently by VMware in its vRealize Operations (vROps) product can pose a significant risk to organizations, according to a researcher involved in the discovery of the security bugs.

The vROps IT operations management product, specifically the vRealize Operations Manager API, is affected by a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975, and an arbitrary file write issue tracked as CVE-2021-21983.

According to VMware, the SSRF flaw can allow an attacker with network access to the API to obtain administrative credentials. The second vulnerability allows an authenticated attacker to write files to arbitrary locations on the underlying Photon operating system.

VMware has credited Egor Dimitrenko, a researcher at cybersecurity firm Positive Technologies, for finding the vulnerabilities. Dimitrenko told SecurityWeek that an attacker can chain the vulnerabilities to remotely execute arbitrary code on a server.

The expert warned that in a real-world attack, the vulnerabilities can give threat actors “unlimited opportunities to carry out further attacks on a company’s infrastructure.”

VMware has patched the vulnerabilities in all impacted versions of vRealize Operation Manager, as well as in Cloud Foundation and vRealize Suite Lifecycle Manager. Based on their CVSS score, the vulnerabilities should have a severity rating of “high,” but the virtualization giant’s advisory lists them as “critical.”

It’s important that organizations using vROps patch these vulnerabilities as soon as possible as they could end up being exploited for malicious purposes.

In February, hackers started to scan the internet for VMware vCenter servers affected by a critical vulnerability that was also discovered by researchers at Positive Technologies. The scanning began just one day after VMware announced the availability of patches. However, in that case, PoC exploit code was quickly made available and it had been known that thousands of potentially vulnerable servers were directly accessible from the internet.

Related: VMware Patches Vulnerabilities Exploited at Chinese Hacking Contest

Related: Patch for Critical VMware ESXi Vulnerability Incomplete

Related: Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises

Related: VMware Patches Remote Code Execution Vulnerability in View Planner

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet