Enhancement: cves/2021/CVE-2021-21978.yaml by mp
parent
7b89a21626
commit
0ec66dea43
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2021-21978
|
||||
|
||||
info:
|
||||
name: VMware View Planner Unauthenticated RCE
|
||||
name: VMware View Planner - Remote Code Execution
|
||||
author: dwisiswant0
|
||||
severity: critical
|
||||
description: |
|
||||
This template detects an VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability.
|
||||
Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
|
||||
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application.
|
||||
An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted
|
||||
file leading to remote code execution within the logupload container.
|
||||
reference:
|
||||
- https://twitter.com/osama_hroot/status/1367258907601698816
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21978
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- "len(body) == 28" # length of "\nFile uploaded successfully."
|
||||
|
||||
# Enhanced by mp on 2022/05/05
|
||||
|
|
Loading…
Reference in New Issue