CVE-2021-21984: VMware vRealize Business for Cloud remote code execution vulnerability
VMware vRealize Business for Cloud automates cloud costing analysis, consumption metering, cloud comparison, and planning, delivering the cost visibility and business insights you need to run your cloud more efficiently.
On May 5, 2021, VMware released a risk notice for vRealize Business for Cloud to fix remote code execution vulnerability. The CVE vulnerability number is CVE-2021-21984 with the CVSSv3 score of 9.8.
Vulnerability Detail
VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
Affected version
- VMware vRealize Business for Cloud < 7.6
Solution
In this regard, we recommend that users upgrade vRealize Business for Cloud to the latest version in time.
