Monday 15 February 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
What's affected:
vSphere Replication
What you need to know:
Virtualisation leader VMware announced via VMSA-2021-0001 that vSphere Replication contains a post-authentication command injection vulnerability in its “Startup Configuration” page (CVE-2021-21976) and that a patch has been released.
Actions to be taken:
To remediate CVE-2021-21976, apply the patches listed in the Fixed Version column of the Resolution Matrix found in VMSA-2021-0001.