VMware releases fix for severe View Planner RCE vulnerability (March 2021)
VMware has addressed a high-severity unauthenticated RCE vulnerability in VMware View Planner that allows attackers to abuse servers running unpatched software for remote code execution.
The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.
Successfully exploiting VMware View Planner 4.x instances prior to 4.6 Security Patch 1 could allow remote attackers to upload arbitrary files via specially crafted HTTP requests.
Last month, VMware addressed another vulnerability reported by Klyuchnikov, a critical RCE bug in the vCenter Server plugin affecting all default vCenter Client installations.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware said.
Attackers began mass scanning for vulnerable and Internet-exposed VMware vCenter servers within two days after security researchers published proof-of-concept exploit code.