CVE-2021-21978 – VMware View Planner 4.6 Remote Code Execution

https://notcve.org/view.php?id=CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. VMware View Planner versión 4.x anterior a 4.6 Security Parche 1, contiene una vulnerabilidad de ejecución de código remota . Una comprobación inapropiada de la entrada y una falta de autorización conlleva a una carga de archivos arbitraria en una aplicación web logupload. • https://github.com/GreyOrder/CVE-2021-21978 https://github.com/skytina/CVE-2021-21978 https://github.com/me1ons/CVE-2021-21978 http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html https://www.vmware.com/security/advisories/VMSA-2021-0003.html https://attackerkb.com/assessments/fc456e03-adf5-409a-955a-8a4fb7e79ece • CWE-20: Improper Input Validation CWE-862: Missing Authorization •