March 31, 2021
Severity
High
Analysis Summary
CVE-2021-21975
The vRealize Operations Manager API contains a Server Side Request Forgery (SSRF) vulnerability. A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
CVE-2021-21983
An authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying Photon operating system.
Impact
- Credential theft
- Privilege access
Affected Vendors
VMware
Affected Products
- VMware vRealize Operations
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Remediation
Refer to the VMware advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2021-0004.html