CVE-2021-26987

CVE Database · CVE-2021-26987

CVE-2021-26987

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.44%

Published

Mar 15, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (4)

vmware · spring_boot (up to 1.3.2)vulnerable

netapp · element_plug-in_for_vcenter_servervulnerable

netapp · management_services_for_element_software_and_netapp_hci (up to 2.17.56)vulnerable

netapp · solidfire_\&_hci_management_nodevulnerable

References (2)

https://security.netapp.com/advisory/ntap-20210315-0001/

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210315-0001/

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs