VMware fixes bug allowing attackers to steal admin credentials
VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.
vRealize Operations is an AI-powered, "self-driving" IT operations management platform for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.
The vulnerability was discovered and reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.
The vulnerability, tracked as CVE-2021-21975, is caused by a Server Side Request Forgery bug in the vRealize Operations Manager API.
VMware rated the security flaw as high severity, giving it a base score of 8.6 out of 10.
Details on how to get the security patch for vRealize Operations are available in the articles linked below:
Source: bleepingcomputer.com
31 March 2021