3. Authenticated Command Injection Vulnerability in vSphere Replication(CVE-2021-21976)
vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.2.
CPE | Name | Operator | Version |
---|---|---|---|
vsphere replication | lt | 8.3.1.2 | |
vsphere replication | lt | 8.2.1.1 | |
vsphere replication | lt | 8.1.2.3 | |
vsphere replication | lt | 6.5.1.5 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21976
docs.vmware.com/en/vSphere-Replication/6.5/rn/vsphere-replication-651-release-notes.html
docs.vmware.com/en/vSphere-Replication/8.1/rn/vsphere-replication-812-release-notes.html
docs.vmware.com/en/vSphere-Replication/8.2/rn/vsphere-replication-821-release-notes.html
docs.vmware.com/en/vSphere-Replication/8.3/rn/vsphere-replication-8312-release-notes.html
my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8123&productId=742
my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8211&productId=742
my.vmware.com/web/vmware/downloads/details?downloadGroup=VR8312&productId=742
my.vmware.com/web/vmware/downloads/details?productId=614&downloadGroup=VR6515
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H