The vulnerability of the monitoring tool for virtual infrastructure vRealize Operations, a platform for virtualization at VMware Cloud Foundation, and the application lifecycle management software vRealize Suite Lifecycle Manager lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software management tool is related to insufficient checking of incoming requests. Exploiting this vulnerabili...

CVE-2021-22027

The vRealize Operations Manager API 8.x prior to 8.5 contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure...

CVE-2021-22023

The vRealize Operations Manager API 8.x prior to 8.5 has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modify other users information leading to an account takeover...

CVE-2021-22025

The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...

Vulnerabilities fixed in VMware vRealize Operations Manager

There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...