Preface: The Secure Development Lifecycle – From requirements to design, coding to test, the SDL strives to build security into a product or application at every step in the development process.
Background: VMware View Planner is a workload generator that simulates typical user operations such as typing in Microsoft Word, playing a PowerPoint slideshow, reading Outlook emails, browsing PDF and Web pages and watching video.
Vulnerability details: The VMware View Planner web management interface exposes an endpoint for uploading log files. The upload requires no authentication, and the path to which the uploaded file is written is user-controllable. By overwriting the Python script that implements the log upload function with a crafted file, an attacker can achieve remote code execution (RCE).
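The two defects described above are an unauthenticated write and a destination path taken from the request. The following added example (not View Planner's code; the directory layout and function names are constructed for illustration) shows the naive path handling beside a hardened version that gates on authentication, accepts only a bare log-style file name, and lexically confines the result to the upload directory:

```python
import posixpath
from typing import Optional, Tuple

# Constructed example layout; the real View Planner paths are not given on the page.
LOG_DIR = "/var/log/viewplanner/uploads"
ALLOWED_SUFFIXES = (".log", ".txt")


def unsafe_log_path(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: the caller's path is joined and used as-is,
    so '..' components or an absolute path escape base_dir and can land on
    application code."""
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def safe_log_path(base_dir: str, user_path: str) -> Optional[str]:
    """Return the confined destination for an uploaded log, or None if rejected."""
    # Only a bare file name is accepted: no empty name, NUL byte, or separator.
    if not user_path or "\x00" in user_path or "/" in user_path or "\\" in user_path:
        return None
    # Reject '.', '..' and dotfiles outright rather than sanitising them.
    if user_path.startswith("."):
        return None
    # Log-like extensions only; executable code such as .py is never accepted.
    if not user_path.lower().endswith(ALLOWED_SUFFIXES):
        return None
    candidate = posixpath.normpath(posixpath.join(base_dir, user_path))
    # Defence in depth: the normalised result must still sit inside base_dir.
    if posixpath.commonpath([base_dir, candidate]) != posixpath.normpath(base_dir):
        return None
    return candidate


def accept_upload(authenticated: bool, base_dir: str, user_path: str) -> Tuple[bool, str]:
    """Gate the upload on an authenticated session before any path is computed."""
    if not authenticated:
        return False, "authentication required"
    dest = safe_log_path(base_dir, user_path)
    if dest is None:
        return False, "rejected file name"
    return True, dest
```

The hardened version rejects rather than rewrites suspicious names, so a traversal attempt is logged as a failed upload instead of silently succeeding under a different name.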
Remedy: See the official VMware advisory for details – https://www.vmware.com/security/advisories/VMSA-2021-0003.html