vSphere Replication updates address a command injection vulnerability (CVE-2021-21976)
vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.2.
A malicious actor with administrative access in vSphere Replication can execute shell commands on the underlying system. Successful exploitation of this issue may allow authenticated admin user to perform a remote code execution.
To remediate CVE-2021-21976, apply the relevant patches.
Further information and patch details at – https://www.vmware.com/security/advisories/VMSA-2021-0001.html
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.