CVE-2021-21978
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 04, 2021
- Published Date: March 03, 2021
- Last Updated: August 03, 2024
- Vendor: n/a
- Product: VMware View Planner
- Description: VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
EPSS Score
- Score: 93.51% (Percentile: 99.81%) as of 2025-04-29
Exploit Status
- Exploited in the Wild: Yes (added 2025-04-22 00:00:00 UTC)
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
The Shadowserver (via CIRCL) | 2025-04-22 00:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_view_planner_4_6_uploadlog_rce.rb | 2025-04-29 11:01:15 UTC |
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21978.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
vmware_view_planner_4_6_uploadlog_rce
Type: metasploit • Created: Unknown
Metasploit module for CVE-2021-21978
skytina/CVE-2021-21978
Type: github • Created: 2021-03-05 08:15:27 UTC • Stars: 25
Exploit script, version with echoed output
me1ons/CVE-2021-21978
Type: github • Created: 2021-03-05 04:33:19 UTC • Stars: 5
CVE-2021-21978 EXP
GreyOrder/CVE-2021-21978
Type: github • Created: 2021-03-05 03:58:33 UTC • Stars: 23
CVE-2021-21978 exp