Enhancement: cves/2021/CVE-2021-21978.yaml by mp

cves/2021/CVE-2021-21978.yaml

@@ -1,16 +1,16 @@
 id: CVE-2021-21978
 
 info:
-  name: VMware View Planner Unauthenticated RCE
+  name: VMware View Planner - Remote Code Execution
   author: dwisiswant0
   severity: critical
   description: |
-    This template detects an VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability.
+    VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
-    Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
     An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted
     file leading to remote code execution within the logupload container.
   reference:
     - https://twitter.com/osama_hroot/status/1367258907601698816
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21978
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -47,4 +47,6 @@ requests:
         part: body
       - type: dsl
         dsl:
-          - "len(body) == 28" # length of "\nFile uploaded successfully."
+          - "len(body) == 28" # length of "\nFile uploaded successfully."
+
+# Enhanced by mp on 2022/05/05