3a. VMware Tanzu Application service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)
VMware Tanzu Application Service for VMs uses Cloud Controller (CAPI) from Cloud Foundry which is vulnerable to an unauthenticated denial-of-service(DoS) vulnerability. VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.5.
cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-22101
docs.pivotal.io/application-service/2-10/release-notes/runtime-rn.html
docs.pivotal.io/application-service/2-11/release-notes/runtime-rn.html
docs.pivotal.io/application-service/2-12/release-notes/runtime-rn.html
docs.pivotal.io/application-service/2-7/release-notes/runtime-rn.html
docs.pivotal.io/application-service/2-9/release-notes/runtime-rn.html
network.pivotal.io/products/elastic-runtime#/releases/976752
network.pivotal.io/products/elastic-runtime#/releases/977821
network.pivotal.io/products/elastic-runtime#/releases/978504
network.pivotal.io/products/elastic-runtime#/releases/978786
network.pivotal.io/products/elastic-runtime#/releases/979089
www.cloudfoundry.org/blog/cve-2021-22101-cloud-controller-is-vulnerable-to-unauthenticated-denial-of-service/
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H