About VMware
Once again, a software vulnerability of considerable risk was reported by a well-known IT (Information Technology) company. This time, news of high-risk vulnerabilities found in products belonging to the well-known cloud computing and virtualization company VMware, Inc. was released to the public. VMware's software, according to the official website, “allows users to create multiple virtual environments, or virtual computer systems, on a single computer or server. Essentially, one computer or server could be used to host, or manage, many virtual computer systems, sometimes as many as one hundred or more.” The software virtualizes hard drives, video cards, network adapters, and more. It is innovative and has been around for quite some time, allowing isolated virtual environments to be created without requiring additional hardware. Furthermore, VMware's products “save time and money.” VMware's products are more commonly known as virtual machine software. The official vulnerability reports come from VMware's security advisory web pages.
High-Risk Vulnerability Discovered in Multiple VMware Products
A high-risk vulnerability, rated as Important, was reported on the official VMware web page. The advisory was published on August 5th, 2021. It concerns several VMware products and allows a remote attacker to launch SSRF attacks against a vulnerable system.
The Technical Details
Software vulnerabilities are classified with a CVE identifier and a CVSS score. These classification systems describe the risk level as well as the risk rating. In this case, the high-risk vulnerability is tracked under the CVE (Common Vulnerabilities and Exposures) system as CVE-2021-22002. It is described as a Server-Side Request Forgery (SSRF): the flaw exists due to insufficient validation of user-supplied input in the /cfg web app and diagnostic endpoint functions of the VMware products listed below. Simply put, an attacker who is not authenticated can reach services on the internal network by exploiting this security flaw (by crafting a forged HTTP request that reaches ports on the vulnerable system that should not be exposed).
Information About Affected VMware Products
Users of VMware products need to know that the affected VMware products are as follows:
VMware Cloud Foundation (vIDM)
VMware Identity Manager (vIDM)
VMware Workspace One Access
VMware vRealize Automation
Information About Vulnerable Software Versions
The following software versions of the above products are vulnerable if unpatched:
Cloud Foundation: 4.0, 4.0.1, 4.1, 4.2, 4.2.1
VMware Identity Manager: 3.3.2, 3.3.3, 3.3.4, 3.3.5
VMware Workspace One Access: 20.01, 20.10, 20.10.01
vRealize Automation: 7.6
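As an added example (not code from VMware or from the original report), the script below turns the two lists above into a defender's checklist: it tells you whether an installed product version is on the unpatched-vulnerable list, and it triages a web access log for requests to the /cfg web app that arrived from outside your internal address ranges. The internal ranges, the log format (Common Log Format) and the sample log lines are all assumptions constructed for this example; the diagnostic endpoint path is not given in the advisory text, so only the /cfg prefix is matched.

```python
import ipaddress
import re

# Product/version pairs listed as vulnerable if unpatched (from the advisory summary above).
AFFECTED_VERSIONS = {
    "Cloud Foundation": {"4.0", "4.0.1", "4.1", "4.2", "4.2.1"},
    "VMware Identity Manager": {"3.3.2", "3.3.3", "3.3.4", "3.3.5"},
    "VMware Workspace One Access": {"20.01", "20.10", "20.10.01"},
    "vRealize Automation": {"7.6"},
}

def is_affected(product: str, version: str) -> bool:
    """True if this exact product version is on the unpatched-vulnerable list."""
    return version in AFFECTED_VERSIONS.get(product, set())

# Address ranges treated as "internal" (assumed for this example; adjust to your network).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # not an IP literal at all: treat as not internal
        return False
    return any(addr in net for net in INTERNAL_NETS)

# Common Log Format: client ip, ident, user, [timestamp], "METHOD path proto", status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_external_cfg_requests(lines):
    """Return (client_ip, path, status) for requests to the /cfg web app from
    non-internal clients; malformed lines are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]   # drop the query string before matching
        if (path == "/cfg" or path.startswith("/cfg/")) and not is_internal(m.group("ip")):
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits

# Constructed sample log for the example (not captured from a real system).
SAMPLE_LOG = """\
198.51.100.23 - - [05/Aug/2021:10:01:12 +0000] "GET /cfg/ HTTP/1.1" 200 512
10.0.5.14 - - [05/Aug/2021:10:02:40 +0000] "GET /cfg/system HTTP/1.1" 200 2048
203.0.113.9 - - [05/Aug/2021:10:03:01 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.9 - - [05/Aug/2021:10:03:07 +0000] "POST /cfg/ping?x=1 HTTP/1.1" 403 0
garbage line that does not parse
"""
```

Every hit is a request to an endpoint that should only be reachable from inside, so each one is worth a look even when the server answered 403; an affected version combined with such hits should be patched first.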
A Patch is Available
It is important for users to know that a fix is available from VMware that addresses these software issues and security risks. Users of the above products should consult VMware knowledge base article KB85254 for the fixed versions. According to VMware, this patch remedies the software vulnerabilities.