PT-2021-2362 · VMware · VMware View Planner

Mikhail Klyuchnikov · Published 2021-03-02 · Updated 2023-08-08 · CVE-2021-21978

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: VMware View Planner versions prior to 4.6 Security Patch 1

Description: The issue stems from missing authorization and improper input validation in the logupload web application of VMware View Planner. An unauthorized attacker with network access can upload a specially crafted file and have it executed, resulting in remote code execution within the logupload container.

Recommendations: For versions prior to 4.6 Security Patch 1, apply 4.6 Security Patch 1 to resolve the issue. As a temporary workaround, restrict network access to the logupload web application to reduce the risk of exploitation, and avoid using the logupload feature until the patch is applied.
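The two weaknesses named above (missing authorization and unvalidated input on an upload endpoint) are a general pattern, so the following added example shows the naive handler shape beside a hardened one. This is illustrative code written for this page, not VMware View Planner's code, and every policy value in it (the bearer token, the extension allowlist, the size limit, the upload directory) is a constructed assumption.

```python
import hmac
import os
import re
import tempfile

# Constructed policy for this illustration (not View Planner's settings).
ALLOWED_EXT = {".log", ".txt", ".gz"}      # only log-like artifacts are accepted
MAX_SIZE = 10 * 1024 * 1024                # 10 MiB per upload
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")  # plain file names only


class UploadRejected(Exception):
    """Raised when the hardened handler refuses a request."""


def vulnerable_destination(root, client_filename):
    """The weak pattern behind the advisory: no authorization check, and the
    client-chosen name is joined onto the upload directory unchanged, so '../'
    segments escape it and any extension (including scripts) is accepted."""
    return os.path.join(root, client_filename)


def is_authorized(headers, expected_token):
    """Require a bearer token and compare it in constant time."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return False
    return hmac.compare_digest(value[len("Bearer "):], expected_token)


def hardened_upload(root, headers, client_filename, data, expected_token):
    """Authorize first, then validate name, extension, size and final path,
    and store the file with no execute bit and without overwriting."""
    if not is_authorized(headers, expected_token):
        raise UploadRejected("missing or invalid credentials")
    # Reject directory components, hidden names and unusual characters.
    if client_filename != os.path.basename(client_filename) or not SAFE_NAME.match(client_filename):
        raise UploadRejected("unsafe file name")
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXT:
        raise UploadRejected("extension %r not allowed" % ext)
    if len(data) > MAX_SIZE:
        raise UploadRejected("file too large")
    # Resolve and re-check: the stored path must sit directly under root.
    root = os.path.realpath(root)
    dest = os.path.realpath(os.path.join(root, client_filename))
    if os.path.dirname(dest) != root:
        raise UploadRejected("path escapes upload directory")
    try:
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        raise UploadRejected("name already in use")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo():
    """Run both handlers against constructed requests in a temporary directory."""
    root = tempfile.mkdtemp(prefix="logupload-demo-")
    token = "constructed-demo-token"           # constructed, not a real credential
    good = {"Authorization": "Bearer " + token}
    results = {}
    naive = os.path.normpath(vulnerable_destination(root, "../../evil.sh"))
    results["vulnerable_escapes_root"] = not naive.startswith(root + os.sep)
    stored = hardened_upload(root, good, "agent.log", b"2021-03-02 boot ok\n", token)
    results["stored_inside_root"] = os.path.dirname(stored) == os.path.realpath(root)
    with open(stored, "rb") as fh:
        results["content_intact"] = fh.read() == b"2021-03-02 boot ok\n"
    rejected = []
    cases = [(good, "../../evil.sh"), (good, "run.sh"), (good, ".hidden.log"),
             (good, "sub/x.log"), (good, "agent.log"), ({}, "ok.log")]
    for headers, name in cases:
        try:
            hardened_upload(root, headers, name, b"x", token)
        except UploadRejected:
            rejected.append(name)
    results["rejected"] = rejected
    return results


if __name__ == "__main__":
    print(demo())
```

The extension allowlist is only one layer: the directory that receives uploads must never be served or executed by the application, which is why the hardened handler also strips execute permissions and refuses to overwrite existing files.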

Exploit · Fix · Unrestricted File Upload · Missing Authorization · RCE

Weakness Enumeration

Related Identifiers: BDU:2021-01600, CVE-2021-21978

Affected Products: VMware View Planner