CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26987

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile27.06th
PublishedMar 15, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Affected Platforms (CPE)

πŸ“¦
Vmware

Spring Boot

< 1.3.2
πŸ“¦
Netapp

Element Plug In For Vcenter Server

All versions
πŸ“¦
Netapp

Management Services For Element Software And Netapp Hci

< 2.17.56
πŸ“¦
Netapp

Solidfire \& Hci Management Node

<= 12.2

References & Advisories

πŸ”— https://security.netapp.com/advisory/ntap-20210315-0001/
πŸ”— https://security.netapp.com/advisory/ntap-20210315-0001/

Related Vulnerabilities

CVE-2021-390529.8

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without autho...

CVE-2021-413039.8

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication ...

CVE-2019-91869.8

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to ...

CVE-2017-80469.8

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0....