Security Advisory VMSA-2021-0018

Yesterday VMware released  IMPORTANT Security Advisory for vRealize Operations Manager,

Please see below information on VMSA-2021-0018, Important Notes, and Security Patch PAK to address this Security Advisory:

Security Advisory

VMSA-2021-0018 – VMware vRealize Operations update addresses multiple security vulnerabilities (CVE-2021-22022,  CVE-2021-22023CVE-2021-22024CVE-2021-22025CVE-2021-22026CVE-2021-22027) with a maximum CVSSv3 base score of 8.6.

Known Attack Vectors

An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information disclosure. 

Important Notes

Security Patch PAK – Patch Portal (to address advisory)

  • vRealize Operations Manager 8.1.1 – [ Release Name – vROps-8.1.1-HF8 ]
  • vRealize Operations Manager 8.2.0 – [ Release Name – vROps-8.2.0-HF7 ]
  • vRealize Operations Manager 8.3.0 – [ Release Name – vROps-8.3.0-HF6 ]
  • vRealize Operations Manager 8.4.0 – [ Release Name – vROps-8.4.0-HF2 ]

KB Article (to address advisory)

*    vRealize Operations 8.1.1 Security Patch for VMSA-2021-0018 (85380)
*    vRealize Operations 8.4 Security Patch for VMSA-2021-0018 (85383)
*    vRealize Operations Security Patch for VMSA-2021-0018 in vRealize Suite Lifecycle Manager (85452)

Please like and share to spread the knowledge in the community.

Visit my FB page:

Subscribe to my YouTube channel:

Please leave the comment