Perhaps you will forget, vulnerability in VMware View Planner (CVE-2021-21978) – 21st March 2021

Preface: The Secure Development Lifecycle – From requirements to design, coding to test, the SDL strives to build security into a product or application at every step in the development process.

Background: VMware View Planner is a workload generator that simulates typical user operations such as typing in Microsoft Word, playing a PowerPoint slideshow, reading Outlook emails, browsing PDF and Web pages and watching video.

Vulnerability details: The VMware View Planner web management interface exposes an entry point for uploading log files.
This entry point requires no authentication, and the path to which the log file is written is user-controllable.
By overwriting the file that implements the log upload function with a crafted Python script, remote code execution (RCE) can be achieved.
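
The control that was missing, shown as an added example (this is not VMware's code or patch): a log upload handler that confines every write to one log directory and refuses to replace an existing file. The names `resolve_log_path`, `store_log`, `ALLOWED_SUFFIXES` and the log directory are hypothetical, and the handler is assumed to run only after the request has been authenticated.

```python
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = (".log", ".txt")  # assumption: names a log upload may use

class UnsafeUploadPath(Exception):
    """Client-supplied name would land outside the log directory."""

def resolve_log_path(log_root: Path, client_name: str) -> Path:
    """Return a path strictly inside log_root, or raise UnsafeUploadPath."""
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty or malformed name")
    # Reject, rather than silently strip, any directory component so that
    # traversal attempts show up as errors in the application log.
    name = os.path.basename(client_name.replace("\\", "/"))
    if name != client_name or name in (".", ".."):
        raise UnsafeUploadPath(f"directory component in {client_name!r}")
    if not name.lower().endswith(ALLOWED_SUFFIXES):
        raise UnsafeUploadPath(f"suffix not allowed: {client_name!r}")
    root = log_root.resolve()
    target = (root / name).resolve()
    # resolve() follows symlinks, so a link placed inside log_root that
    # points elsewhere fails this containment check.
    if target.parent != root:
        raise UnsafeUploadPath(f"escapes log directory: {client_name!r}")
    return target

def store_log(log_root: Path, client_name: str, data: bytes) -> Path:
    """Write an uploaded log; raises FileExistsError instead of overwriting."""
    target = resolve_log_path(log_root, client_name)
    # O_EXCL: creation fails if the file already exists, so an upload can
    # never replace a file the web application later imports or executes.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())  # constructed sample log directory
    print("stored:", store_log(root, "run1.log", b"sample"))
    for name in ("../handler.py", "/tmp/x.log", "handler.py"):  # constructed inputs
        try:
            store_log(root, name, b"x")
        except UnsafeUploadPath as exc:
            print("rejected:", exc)
```
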

Remedy: For official details, refer to the vendor advisory – https://www.vmware.com/security/advisories/VMSA-2021-0003.html
