Vulnerability Description
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Boot | < 1.3.2 |
| Netapp | Element Plug-In For Vcenter Server | All versions |
| Netapp | Management Services For Element Software And Netapp Hci | < 2.17.56 |
| Netapp | Solidfire \& Hci Management Node | <= 12.2 |
References
- https://security.netapp.com/advisory/ntap-20210315-0001/Vendor Advisory
- https://security.netapp.com/advisory/ntap-20210315-0001/Vendor Advisory
FAQ
What is CVE-2021-26987?
CVE-2021-26987 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Re...
How severe is CVE-2021-26987?
CVE-2021-26987 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-26987?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Boot, Netapp Element Plug-In For Vcenter Server, Netapp Management Services For Element Software And Netapp Hci, Netapp Solidfire \& Hci Management Node.