What is CVE-2021-21978?

CVE-2021-21978 is a vulnerability in Vmware View Planner. Published 2021-03-03.

Is CVE-2021-21978 known to be exploited?

52 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vmware View Planner

CVE-2021-21978

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attack…

EPSS: 0.905 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Vmware View Planner — versions VMware View Planner 4.x prior to 4.6 Security Patch 1

Public proof-of-concept exploits

skytina/CVE-2021-21978
GreyOrder/CVE-2021-21978
me1ons/CVE-2021-21978
rapid7/metasploit-framework
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates
HimmelAward/Goby_
J1ezds/Vulnerability-Wiki-page

References

www.vmware.com/security/advisories/VMSA-2021-0003.html (x_refsource_MISC)
packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execut… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21978?: CVE-2021-21978 is a vulnerability in Vmware View Planner. Published 2021-03-03.
Is CVE-2021-21978 known to be exploited?: 52 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.