Lucene search

VMwareVMSA-2021-0001

HistoryFeb 11, 2021 - 12:00 a.m.

vSphere Replication updates address a command injection vulnerability (CVE-2021-21976)

2021-02-1100:00:00

www.vmware.com

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.6%

JSON

3. Authenticated Command Injection Vulnerability in vSphere Replication(CVE-2021-21976)

vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.2.

CPENameOperatorVersion
vsphere replicationlt8.3.1.2
vsphere replicationlt8.2.1.1
vsphere replicationlt8.1.2.3
vsphere replicationlt6.5.1.5

Name	Operator	Version
vsphere replication	lt	8.3.1.2
vsphere replication	lt	8.2.1.1
vsphere replication	lt	8.1.2.3
vsphere replication	lt	6.5.1.5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21976

docs.vmware.com/en/vSphere-Replication/6.5/rn/vsphere-replication-651-release-notes.html

docs.vmware.com/en/vSphere-Replication/8.1/rn/vsphere-replication-812-release-notes.html

docs.vmware.com/en/vSphere-Replication/8.2/rn/vsphere-replication-821-release-notes.html

docs.vmware.com/en/vSphere-Replication/8.3/rn/vsphere-replication-8312-release-notes.html

my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8123&productId=742

my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8211&productId=742

my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8312&productId=742

my.vmware.com/web/vmware/downloads/details?productId=614&downloadGroup=VR6515

www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H