CVE-2021-1498
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
Cisco / HyperFlex HX
Vulnerability
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
Nov 17, 2021
Known ransomware use
No
Summary description
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1498
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-1497—100.0%
KEV—80Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability—