Rewterz Threat Advisory – 4 Actively Exploited 0- Days Flaws in Microsoft Exchange
March 3, 2021Rewterz Threat Advisory – New Chrome 0-day Bug Under Active Attacks
March 3, 2021Rewterz Threat Advisory – 4 Actively Exploited 0- Days Flaws in Microsoft Exchange
March 3, 2021Rewterz Threat Advisory – New Chrome 0-day Bug Under Active Attacks
March 3, 2021Severity
High
Analysis Summary
CVE-2021-21978
Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
Impact
Remote code execution
Affected Vendors
VMware
Affected Products
VMware View Planner
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2021-0003.html