On March 10, 2021, a critical vulnerability with a CVSS V3.1 Score of 9.8 was published in the VMware View Planner product that could lead to remote code execution. Due to the criticality and high score of this vulnerability, it is recommended to install the following patch. In addition, since the vulnerability and patch have been released, it is believed that attackers could examine and work on this fix and generate exploit codes. So, switch the security patch below to your system.

Affected Systems and CVE/CWE

It has been stated that the following system/product is affected:

• VMware View Planner 4.6

CVE/CWE: CVE-2021-21978

Solution Offers

It is recommended to install the updates listed in the table below.

Note: Those with a CVSS 3.1 score (out of 10) 7.0-8.9 are considered “high”, those with 9.0-10.0 are considered “critical” vulnerabilities.

Reference:

• https://www.vmware.com/security/advisories/VMSA-2021-0003.html
• https://nvd.nist.gov/vuln/detail/CVE-2021-21978