JPCERT-AT-2021-0016
JPCERT/CC
2021-04-01
VMware
VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
In addition, JPCERT/CC has confirmed the information that appear to be the Proof-of-concept code and scanner to search for affected system for the SSRF vulnerability (CVE-2021-21975). Also, the reporting organization of these vulnerabilities pointed out that the vulnerabilities can lead to an unauthenticated remote code execution in vRealize Operations when chained together.
If you are using a product which is affected by these vulnerabilities,please apply the measures by referring to "III. Solution" and"IV. Workarounds".
- VMware vRealize Operations Manager version 8.3.0
- VMware vRealize Operations Manager version 8.2.0
- VMware vRealize Operations Manager version 8.1.1, 8.1.0
- VMware vRealize Operations Manager version 8.0.1, 8.0.0
- VMware vRealize Operations Manager version 7.5.0
- VMware vRealize Operations Manager version 7.0.0
- VMware Cloud Foundation (vROps) versions 4.x
- VMware Cloud Foundation (vROps) versions 3.x
- VMware vRealize Suite Lifecycle Manager (vROps) versions 8.x
- Open casa-security-context.xml and remove the specific line
VMware
vRealize Operations 8.3 Security Patch for VMSA-2021-0004 (83210)
https://kb.vmware.com/s/article/83210
VMware
VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Twitter
PT SWARM@ptswarm
https://twitter.com/ptswarm/status/1376961747232382976
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2021-04-01
I. Overview
On March 30, 2021 (US Time), VMware has released advisory(VMSA-2021-0004) regarding vulnerabilities in VMware vRealize Operations. The vRealize Operations Manager API contains a Server Side Request Forgery vulnerability (CVE-2021-21975) and an arbitrary file write vulnerability (CVE-2021-21983). A remote attacker may steal administrative credentials and write files to arbitrary locations by leveraging these vulnerabilities. For more information,please refer to the information provided by VMware.VMware
VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
In addition, JPCERT/CC has confirmed the information that appear to be the Proof-of-concept code and scanner to search for affected system for the SSRF vulnerability (CVE-2021-21975). Also, the reporting organization of these vulnerabilities pointed out that the vulnerabilities can lead to an unauthenticated remote code execution in vRealize Operations when chained together.
If you are using a product which is affected by these vulnerabilities,please apply the measures by referring to "III. Solution" and"IV. Workarounds".
II. Affected Products and Versions
Affected products and versions are as follows:- VMware vRealize Operations Manager version 8.3.0
- VMware vRealize Operations Manager version 8.2.0
- VMware vRealize Operations Manager version 8.1.1, 8.1.0
- VMware vRealize Operations Manager version 8.0.1, 8.0.0
- VMware vRealize Operations Manager version 7.5.0
- VMware vRealize Operations Manager version 7.0.0
- VMware Cloud Foundation (vROps) versions 4.x
- VMware Cloud Foundation (vROps) versions 3.x
- VMware vRealize Suite Lifecycle Manager (vROps) versions 8.x
III. Solution
VMware has released patches that address these vulnerabilities.Please consider applying the patch corresponding to each version.According to the advisory, there are no plans to provide patches for VMware vRealize Operations Manager 7.0.0 at the time of this writing.IV. Workarounds
The following measures are mentioned as workarounds. The workarounds need to be applied to every node in the vRealize Operations cluster and require CaSA service restart. For more information, please refer to the information from VMware advisory.- Open casa-security-context.xml and remove the specific line
VMware
vRealize Operations 8.3 Security Patch for VMSA-2021-0004 (83210)
https://kb.vmware.com/s/article/83210
V. References
VMware
VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
PT SWARM@ptswarm
https://twitter.com/ptswarm/status/1376961747232382976
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/