CVE-2021-26987

Опубликовано: 15 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Ссылки

https://security.netapp.com/advisory/ntap-20210315-0001/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210315-0001/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*

Версия до 1.3.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:*:*:*:*:*:*:*:*

Версия до 2.17.56 (исключая)

cpe:2.3:a:netapp:solidfire_\&_hci_management_node:*:*:*:*:*:*:*:*

Версия до 12.2 (включая)

EPSS

Процентиль: 83%

0.0187

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-mw37-3gfp-wqjj