CVE-2021-1498 - Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Project:Cisco
Product:HyperFlex HX
Date Added:2021-11-03Due Date:2021-11-17
Vulnerability Name
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Description
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1498