VMware Security Announcement VMSA-2021-0007, Critical Alert CVSSv3 Score 9.8

VMware released a new security advisory today, VMSA-2021-0007. It affects VMware vRealize Business for Cloud; the updates address a remote code execution vulnerability (CVE-2021-21984).

Impacted Products

  • VMware vRealize Business for Cloud

Introduction

A remote code execution vulnerability in VMware vRealize Business for Cloud was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.

VMware vRealize Business for Cloud update addresses remote code execution vulnerability (CVE-2021-21984)

Description

VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorised end point. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.

Resolution

To remediate vRealize Business for Cloud version 7.6, follow the instructions in this KB article: vRealize Business for Cloud 7.6 Security Build for VMSA-2021-0007 (83475) (vmware.com)

To resolve this vulnerability, download and install the Security Patch version that matches your version of vRealize Business.

  1. Download the vRealize Business for Cloud 7.6 Security Patch ISO file from the VMware Downloads page.

Note: Select vRealize Business for Cloud as the product and 7.6.0 as the version, then click Search.

Select the option below.

Release Name: vRealize Business for Cloud 7.6 security release | 05/05/2021 | 17828140 | vRealize-Business-for-Cloud-7.6.0.46000-17828140-updaterepo.iso

  2. Connect the vRealize Business for Cloud Server Appliance CD-ROM drive to the ISO file that you downloaded.
  3. Log in to the VAMI portal of vRealize Business for Cloud using root credentials.
  4. Click on the Update tab of the VAMI UI.
  5. Click on Settings under the Update tab.
  6. Select Use CDROM Updates under Update Repository, mount the path where you have uploaded the ISO file, then Save Settings.
  7. Click on Install Updates under the Status tab to upgrade to this build.

References

Remediation and Workarounds:

VMware vRealize Business for Cloud
7.6.0: https://kb.vmware.com/s/article/83475

Link to official advisory

VMSA-2021-0007 (vmware.com)

Thanks for reading