VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0003.html | Vendor Advisory |
http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-03-03 10:15
Updated : 2021-03-26 12:59
NVD link : CVE-2021-21978
Mitre link : CVE-2021-21978
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
vmware
- view_planner