CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Published: Mar 15, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-26987
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / spring_boot	-	1.3.2
netapp / solidfire_&_hci_management_node	-	12.2.x
netapp / management_services_for_element_software_and_netapp_hci	-	2.17.56
netapp / element_plug-in_for_vcenter_server	-	-

https://security.netapp.com/advisory/ntap-20210315-0001/

Vulnerability Database

289,697

CVE-2021-26987