CRITICAL✓ PATCH🇬🇧 English

CVE-2021-26987

CVSS 9.8v3.1pub. 2021-03-15upd. 2024-11-21

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netapp Element Plug In For Vcenter Server

    APP
    Netapp
    wszystkie wersje
  • Netapp Management Services For Element Software And Netapp Hci

    APP
    Netapp
    < 2.17.56
  • Netapp Solidfire \& Hci Management Node

    APP
    Netapp
    ≤ 12.2
  • VMware Spring Boot

    APP
    Vmware
    < 1.3.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-40976CRITICAL9.1PL ✓ten sam produkt

VMware Spring Boot: nieefektywna domyślna ochrona web security — nieautoryzowany dostęp

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2023-44794CRITICAL9.8ten sam produkt

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a cr...

CVE-2023-38428CRITICAL9.1ten sam produkt

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check ...

CVE-2023-38431CRITICAL9.1ten sam produkt

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validat...