Command injection

2021-02-1121:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.6%

JSON

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.

CPENameOperatorVersion
vsphere_replicationge6.5.0
vsphere_replicationlt6.5.1.5
vsphere_replicationge8.1.0
vsphere_replicationlt8.1.2.3
vsphere_replicationge8.2.0
vsphere_replicationlt8.2.1.1
vsphere_replicationge8.3.0
vsphere_replicationlt8.3.1.2

Name	Operator	Version
vsphere_replication	ge	6.5.0
vsphere_replication	lt	6.5.1.5
vsphere_replication	ge	8.1.0
vsphere_replication	lt	8.1.2.3
vsphere_replication	ge	8.2.0
vsphere_replication	lt	8.2.1.1
vsphere_replication	ge	8.3.0
vsphere_replication	lt	8.3.1.2

References

www.vmware.com/security/advisories/VMSA-2021-0001.html