{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T21:01:19.178","vulnerabilities":[{"cve":{"id":"CVE-2021-21978","sourceIdentifier":"security@vmware.com","published":"2021-03-03T18:15:14.177","lastModified":"2024-11-21T05:49:21.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container."},{"lang":"es","value":"VMware View Planner versión 4.x anterior a 4.6 Security Parche 1, contiene una vulnerabilidad de ejecución de código remota . Una comprobación inapropiada de la entrada y una falta de autorización conlleva a una carga de archivos arbitraria en una aplicación web logupload. Un atacante no autorizado con acceso de red a View Planner Harness podría cargar y ejecutar un archivo especialmente diseñado que conduzca a una ejecución de código remota dentro del contenedor logupload"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:view_planner:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.6","matchCriteriaId":"3BC2C971-8105-459B-AA0C-A028882AE46E"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:view_planner:4.6:-:*:*:*:*:*:*","matchCriteriaId":"F3BD451B-DE55-4089-8CAF-0A045C96CD53"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html","source":"security@vmware.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0003.html","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0003.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}