← Voltar para CVEs

CVE-2021-21978

CRITICAL

9.8

Descricao

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/3/2021

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

vmware:view_planner

Fraquezas (CWE)

CWE-20CWE-862

Referencias

http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html(security@vmware.com)

https://www.vmware.com/security/advisories/VMSA-2021-0003.html(security@vmware.com)

http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.vmware.com/security/advisories/VMSA-2021-0003.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.