CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 04, 2021
Published Date: March 03, 2021
Last Updated: August 03, 2024
Vendor: n/a
Product: VMware View Planner
Description: VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
Tags

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-22 00:00:00 UTC

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_view_planner_4_6_uploadlog_rce.rb	2025-04-29 11:01:15 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21978.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-21978

Type: github • Created: 2021-03-05 08:15:27 UTC • Stars: 25

带回显版本的漏洞利用脚本

Type: github • Created: 2021-03-05 04:33:19 UTC • Stars: 5

CVE-2021-21978 EXP

Type: github • Created: 2021-03-05 03:58:33 UTC • Stars: 23

CVE-2021-21978 exp