Security News > 2021 > March > VMware releases fix for severe View Planner RCE vulnerability
VMware has addressed a high-severity unauthenticated RCE vulnerability in VMware View Planner that allows attackers to abuse servers running unpatched software for remote code execution.
The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.
Successful exploitation of VMware View Planner 4.x instances prior to 4.6 Security Patch 1 could allow remote attackers to upload arbitrary files via specially crafted HTTP requests.
Last month, VMware addressed another vulnerability reported by Klyuchnikov, a critical RCE bug in the vCenter Server plugin affecting all default vCenter Client installations.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware said.
Attackers began mass scanning for vulnerable and Internet-exposed VMware vCenter servers within two days after security researchers published proof-of-concept exploit code.