CVE-2021-26987

2021-03-1521:28:13

netapp

www.cve.org

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

CNA Affected

[
  {
    "product": "Element Plug-in for vCenter Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Management Services for Element Software and NetApp HCI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions prior to 2.17.56"
      }
    ]
  },
  {
    "product": "NetApp SolidFire & HCI Management Node",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions through 12.2"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20210315-0001/