{"id":41960,"date":"2021-03-31T12:47:47","date_gmt":"2021-03-31T12:47:47","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=7d91a121cb5e5bb3c76515d99a7a6703"},"modified":"2021-03-31T12:47:47","modified_gmt":"2021-03-31T12:47:47","slug":"vmware-patches-critical-flaws-in-vrealize-ai-platform","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/vmware-patches-critical-flaws-in-vrealize-ai-platform\/","title":{"rendered":"VMware patches critical flaws in vRealize AI platform"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/zach-marzouk\">Zach Marzouk<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">31 Mar, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>VMware has patched a pair of\u00a0vulnerabilities that could have given attackers access to admin credentials and file writing access.<\/p>\n<p>The company stated that the first vulnerability, CVE-2021-21975, could allow\u00a0a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/ransomware\/359050\/ransomware-gang-offers-to-refund-victims-payments\" >admin credentials<\/a>.\u00a0<\/p>\n<p>VMware evaluated the danger of the issue and decided it was an \u201cimportant\u201d severity with a maximum\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/vulnerability\/356281\/hackers-primed-to-exploit-cvss-10-rated-flaw-in-palo-altos-pan-os\" >CVSS<\/a>\u00a0base score of 8.5. 
CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities and is scored between 0 and 10, with 10 being critical.<\/p>\n<p>\nvRealize is the company\u2019s\u00a0<a href=\"https:\/\/www.itpro.co.uk\/technology\/artificial-intelligence-ai\/359077\/google-unveils-new-document-scanning-app-stack\" >AI<\/a>-powered platform that delivers \u201cself-driving IT operations management for private, hybrid and multi-cloud environments.\u201d<\/p>\n<p>The second vulnerability, CVE-2021-21983, meant that an authenticated\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/hacking\/358754\/malicious-dependency-confusion-packages-are-stealing-password-files\" >malicious<\/a>\u00a0actor with network access to the vRealize Operations Manager API could write files to arbitrary locations on the underlying Photon operating system. VMware also rated this issue as \u201cimportant\u201d severity and gave it a CVSSv3 base score of 7.2.<\/p>\n<p>The company\u00a0<a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0004.html\" >published a security advisory<\/a>\u00a0on Tuesday to inform customers of the two vulnerabilities, both of which were reported by Egor Dimitrenko of Positive Technologies. The products impacted are VMware vRealize Operations, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.<\/p>\n<p>A month ago it emerged that\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/ransomware\/358735\/ransomware-operators-exploiting-vmware-esxi-flaws\" >ransomware operators were exploiting VMware ESXi flaws<\/a>\u00a0by retooling their strains to exploit vulnerabilities. 
The flaws, which were patched by the company, included one allowing hackers to execute commands on the underlying operating system that hosts the vCenter Server.<\/p>\n<p>In February, security researchers\u00a0<a href=\"https:\/\/www.itpro.co.uk\/network-internet\/vmware\/358500\/hackers-encrypt-virtual-hard-disks-using-two-vmware-esxi\" >warned of two ESXi hypervisor flaws<\/a>\u00a0that ransomware gangs were using to encrypt virtual hard drives. Hackers reportedly encrypted 1,000 VMs at Brazil\u2019s Superior Tribunal de Justicia, while other victims had their VMs shut down and datastores encrypted, and were left with a ransom note. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Zach Marzouk<\/p>\n<p>        31 Mar, 2021    <\/p>\n<p>      VMware has patched a pair of\u00a0vulnerabilities that could have given attackers access to admin credentials and file writing access.<br \/>\nThe company stated that the first vulnerability, CVE-2021-21975,&#8230;<\/p>\n","protected":false},"author":654,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41960","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/654"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41960"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41960\/revisions"}],"predecessor-version":[{"id":41961,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41960\/revisions\/41961"}],"w
p:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}