CVE-2021-26987

3 documents3 sources

Severity

9.8CRITICAL

EPSS

1.9%

top 16.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Management Services FOR Element Software AND Netapp HCI Vmware Spring Boot Netapp Solidfire \& HCI Management Node

Timeline

PublishedMar 15

Latest updateMay 24

Description

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5element_plug-in_for_vcenter_serverAll versions

▶CVEListV5management_services_for_element_software_and_netapp_hciversions prior to 2.17.56

▶NVDvmware/spring_boot< 1.3.2

▶NVDnetapp/management_services< 2.17.56

▶NVDnetapp/solidfire_\&_hci_management_node12.2

🔴Vulnerability Details

GHSA

GHSA-mw37-3gfp-wqjj: Element Plug-in for vCenter Server incorporates SpringBoot Framework↗2022-05-24

▶

CVEList

CVE-2021-26987: Element Plug-in for vCenter Server incorporates SpringBoot Framework↗2021-03-15

▶