VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2021-0003.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-03-03T17:44:25
Updated: 2021-03-19T18:06:20
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-21978
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-03T18:15:14.177
Modified: 2023-08-08T14:21:49.707
Link: CVE-2021-21978
JSON object: View
Redhat Information
No data.