PT-2021-17213 · Unknown+1 · Ap Management Service+4
Published
2021-03-15
·
Updated
2022-04-07
·
CVE-2021-26987
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Element Plug-in for vCenter Server versions prior to 1.3.2
Management Services versions prior to 2.17.56
Management Node versions through 12.2
Description:
The issue affects the SpringBoot Framework, which is incorporated into the Element Plug-in for vCenter Server. Versions of SpringBoot Framework prior to 1.3.2 are susceptible to a vulnerability that could lead to Remote Code Execution when successfully exploited.
Recommendations:
For Element Plug-in for vCenter Server, update the SpringBoot Framework to version 1.3.2 or later.
For Management Services, update to version 2.17.56 or later.
For Management Node, update to a version later than 12.2.
As a temporary workaround, consider restricting access to the SpringBoot Framework until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Element Plug-In For Vcenter Server
Management Node
Ap Management Service
Springboot Framework
Vcenter Server