VMware Security Announcement VMSA-2021-0003. Rated Important with a CVSSv3 Score of 8.6

Today VMware released a new security advisory, VMSA-2021-0003. This advisory affects VMware View Planner; the update addresses a remote code execution vulnerability (CVE-2021-21978). The issue has a CVSSv3 base score of 8.6.

Impacted Products
  • VMware View Planner

Advisory Details

Description

VMware View Planner contains a remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.

Known Attack Vectors

Improper input validation and a lack of authorization lead to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to the View Planner Harness could upload and execute a specially crafted file, leading to remote code execution within the logupload container.

Resolution

For VMware View Planner 4.6, apply View Planner 4.6 Security Patch 1. Download and release note links are provided below.

References

VMware View Planner 4.6 Security Patch 1
Download: https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VIEW-PLAN-460&productId=1067&rPId=53394
Release Notes: https://docs.vmware.com/en/VMware-View-Planner/4.6/rn/VMware-View-Planner-46-Release-Notes.html
Documentation: https://docs.vmware.com/en/VMware-View-Planner/4.6/user-guide/GUID-7B89FA3E-6553-4756-81E0-EF8BE93F5F9C.html

Official Advisory

VMSA-2021-0003 (vmware.com)

Thanks for Reading!