BankInfoSecurity
Compliance Twitter Get Permission
VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution.
The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware s View Planner web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the log upload container, VMware notes.
VMware issued patches for the vulnerability on Tuesday and urged affected customers to immediately apply the fixes. The flaw was identified by a researcher at security firm Positive Technologies.