VMware Security Announcement VMSA-2021-0003. Rated Important with a CVSSv3 Score of 8.6
Today VMware released a new Security advisory VMSA-2021-0003. This Advisory affects VMware View Planner, the update addresses remote code execution vulnerability (CVE-2021-21978) This Update has a CVSSv3 Score of 8.6.
- VMware View Planner
VMware View Planner contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
Known Attack Vectors
Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
For VMWare View Planner 4.6, Apply View Planner 4.6 Security Patch 1. Download and release note links will be provided below.
VMware View Planner 4.6 Security Patch 1
Release Notes: https://docs.vmware.com/en/VMware-View-Planner/4.6/rn/VMware-View-Planner-46-Release-Notes.html
Thanks for Reading!