CVE-2021-26987
moderate-risk
Published 2021-03-15
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.
Do I need to act?
~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
Spring Boot
Management Services For Element Software And Netapp Hci
References (2)
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210315-0001/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210315-0001/
47
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
10/34 · Low