CVE-2021-21978

CVE Database · CVE-2021-21978

CVE-2021-21978

· CRITICALModified

CVSS v3.1

9.8

EPSS

98.95%

Published

Mar 3, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20CWE-862

Affected Products (2)

vmware · view_planner (up to 4.6)vulnerable

vmware · view_plannervulnerable

References (4)

http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2021-0003.html

Vendor Advisory

http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2021-0003.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs