Enhancement: cves/2021/CVE-2021-21978.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-05 14:21:35 -04:00
parent 7b89a21626
commit 0ec66dea43
1 changed files with 6 additions and 4 deletions

View File

@ -1,16 +1,16 @@
id: CVE-2021-21978
info:
name: VMware View Planner Unauthenticated RCE
name: VMware View Planner - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
This template detects an VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability.
Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted
file leading to remote code execution within the logupload container.
reference:
- https://twitter.com/osama_hroot/status/1367258907601698816
- https://nvd.nist.gov/vuln/detail/CVE-2021-21978
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -48,3 +48,5 @@ requests:
- type: dsl
dsl:
- "len(body) == 28" # length of "\nFile uploaded successfully."
# Enhanced by mp on 2022/05/05