Vulnerabilities > CVE-2021-26987

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vmware

netapp

critical

NVD

Published: 2021-03-15

Updated: 2022-04-07

Summary

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Spring Boot 0.5.0 Vmware Spring Boot 1.0.0 Vmware Spring Boot 1.0.1 Vmware Spring Boot 1.0.2 Vmware Spring Boot 1.1.0 Vmware Spring Boot 1.1.1 Vmware Spring Boot 1.1.2 Vmware Spring Boot 1.1.3 Vmware Spring Boot 1.1.4 Vmware Spring Boot 1.1.5 Vmware Spring Boot 1.1.6 Vmware Spring Boot 1.1.7 Vmware Spring Boot 1.1.8 Vmware Spring Boot 1.1.9 Vmware Spring Boot 1.1.10 Vmware Spring Boot 1.1.11 Vmware Spring Boot 1.1.12 Vmware Spring Boot 1.2.0 Vmware Spring Boot 1.2.1 Vmware Spring Boot 1.2.2 Vmware Spring Boot 1.2.3 Vmware Spring Boot 1.2.4 Vmware Spring Boot 1.2.5 Vmware Spring Boot 1.2.6 Vmware Spring Boot 1.2.7 Vmware Spring Boot 1.2.8 Vmware Spring Boot 1.3.0 Vmware Spring Boot 1.3.1	52
Application	Netapp Netapp Solidfire & HCI Management Node - Netapp Solidfire & HCI Management Node 12.2 Netapp Management Services FOR Element Software AND Netapp HCI - Netapp Element Plug IN FOR Vcenter Server *	4

References

https://security.netapp.com/advisory/ntap-20210315-0001/

Vulnerabilities > CVE-2021-26987 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-26987"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-26987