VMware fixed flaws in vROps that can be chained to compromise organizations

Pierluigi Paganini April 01, 2021

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks

The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform.

Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 and an arbitrary file write issue tracked as CVE-2021-21983.

The CVE-2021-21975 is a Server Side Request Forgery in vRealize Operations Manager API rated as “Important’ severity which received a CVSSv3 base score of 8.6.

The flaw can be exploited by an attacker with network access to the vRealize Operations Manager API to perform to steal administrative credentials.

The CVE-2021-21983 vulnerability is an arbitrary file write vulnerability that affects in vRealize Operations Manager API that was evaluated as ‘Important’ severity with a CVSSv3 base score of 7.2.

The flaw can be exploited by an authenticated attacker with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system.

The two vulnerabilities could be chained by a remote attacker to execute arbitrary code on a server giving and carry out multiple attacks on a company’s infrastructure.

VMware fixed CVE-2021-21975 and CVE-2021-21983, which when chained together lead to an unauth RCE in vRealize Operations.

The vulnerabilities were found by our researcher Egor Dimitrenko.

Advisory: https://t.co/WbQwWyCuhS pic.twitter.com/qzEcBqJAg3
— PT SWARM (@ptswarm) March 30, 2021

“On March 30, Positive Technologies published a tweet highlighting the vulnerabilities discovered by Dimitrenko. The tweet disclosed a further risk to unpatched systems in which attackers could achieve unauthenticated RCE on vulnerable systems by chaining both CVE-2021-21975 and CVE-2021-21983 together.” reported Tenable. “No details have been shared publicly as to how this can be achieved, but we anticipate researchers or threat actors to develop a proof-of-concept (PoC) exploit in the near future.”

VMware released the following updates for vRealize Operations to fix the above flaws:

Affected Product	Vulnerable Version	Fixed Version	KB Article
vRealize Operations Manager	8.3.0	vROps-8.3.0-HF3	KB83210
vRealize Operations Manager	8.2.0	vROps-8.2.0-HF4	KB83095
vRealize Operations Manager	8.1.1, 8.1.0	vROps-8.1.1-HF6	KB83094
vRealize Operations Manager	8.0.1, 8.0.0	vROps-8.0.1-HF7	KB83093
vRealize Operations Manager	7.5.0	vROps-7.5.0-HF14	KB82367

The virtualization giant has also provided workaround instructions for CVE-2021-21975 and CVE-2021-21983 that involve modifying the casa-security-context.xml file and restarting the Cluster Analytic (CaSA) service.

Experts urge organizations using vROps to install security patches to address the above vulnerabilities as soon as possible to mitigate the risk of cyber attacks exploiting them.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

[adrotate banner=”5″]

[adrotate banner=”13″]

Hacking hacking news information security news IT Information Security malware Pierluigi Paganini RCE Security Affairs Security News VMware vROps

Pierluigi Paganini July 10, 2025

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Pierluigi Paganini July 10, 2025