Vulnerability Description
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to the View Planner Harness could upload and execute a specially crafted file, leading to remote code execution within the logupload container.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | View Planner | >= 4.0, < 4.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Exploit (Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2021-0003.html (Vendor Advisory)
FAQ
What is CVE-2021-21978?
CVE-2021-21978 is a vulnerability with a CVSS score of 9.8 (CRITICAL). VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload ...
How severe is CVE-2021-21978?
CVE-2021-21978 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-21978?
Check the references section above for vendor advisories and patch information. Affected products include: VMware View Planner.