vSphere Replication contains a post-authentication command injection vulnerability in the “Startup Configuration” page. VMware has evaluated this issue to be of ‘Important’ severity, with a maximum CVSSv3 base score of 7.2.
A malicious actor with administrative access in vSphere Replication can execute shell commands on the underlying system. Successful exploitation of this issue may allow an authenticated admin user to perform remote code execution.
To remediate CVE-2021-21976, apply the relevant patches.
Further information and patch details are available at https://www.vmware.com/security/advisories/VMSA-2021-0001.html