VMware released patches for a number of vRealize Operations vulnerabilities this week, including four that are high severity.
The most serious of them is CVE-2021-22025 (CVSS 8.6), which is described as a broken access control flaw in the vRealize Operations Manager API. An attacker who successfully exploits the flaw can acquire unauthenticated API access.
An unauthenticated attacker with network access to the vRealize Operations Manager API can exploit the flaw to add new nodes to an existing vROps cluster, according to VMware.
To Read More: securityweek
For more such updates follow us on Google News ITsecuritywire News.