VMware Releases Security Update for Remote Code Execution Vulnerability CVE-2021-21978

Threat ID:: CC-3780
Threat Severity:: Information only
Published:: 5 March 2021 1:27 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

VMware View Planner

Threat details

Introduction

VMware has released an update to address a vulnerability in VMware View Planner. An attacker could exploit this vulnerability to take control of an affected system.

Remediation advice

Organisations are encouraged to review VMware security advisory VMSA-2021-0003 and apply any necessary updates.

CVE Vulnerabilities

Status Published

CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

Last edited: 11 March 2021 12:17 pm