CVE-2021-21978

Published: 03/03/2021 Updated: 08/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

VMware View Planner 4.x before 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file, leading to remote code execution within the logupload container.

Vulnerable Product

vmware view planner 4.6

vmware view planner

Github Repositories

CVE-2021-21978 exp

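CVE-2021-21978 RCE exp. Affected versions: VMware View Planner Harness 4X. Similar to CVE-2021-21978, this vulnerability allows arbitrary files to be uploaded without authorization, and remote code execution is achieved by modifying the bundled py script. Note that commands are executed inside a docker container, not directly on the host system. Usage: go run CVE-2021-21978go -h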

CVE-2021-26855-PoC: PoC exploit code for CVE-2021-26855. Original code was developed by github.com/GreyOrder. The original repo was deleted shortly after additional features (user enumeration etc) were added. Please post a pull request, if you have the latest version. CVE-2021-26855 ssrf simple use of golang exercises. Affected version: Exchange Server 2013 is less than

CVE-2021-21978 EXP

CVE-2021-21978 EXP: VMware View Planner RCE, CVE-2021-21978 reverse shell

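Exploit script that returns command output

CVE-2021-21978: an exploit script that returns command output, a simpler approach. 0 Vulnerability information: The VMware View Planner web management interface has an entry point for uploading log files that performs no authentication, and the path the log file is written to is user-controllable. Overwriting the log upload handler file log_upload_wsgipy results in RCE. Vulnerable code: def application(environ, start_response): loggerd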