CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
vmwareview_planner
4.0 ≤
𝑥
< 4.6
vmwareview_planner
4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html
https://www.vmware.com/security/advisories/VMSA-2021-0003.html