Remote Code Execution Vulnerability in Element Plug-in for vCenter Server

Remote Code Execution Vulnerability in Element Plug-in for vCenter Server

CVE-2021-26987 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework.

Learn more about our Cis Benchmark Audit For Server Software.