Security News > 2021 > March > VMware releases fix for severe View Planner RCE vulnerability
VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution.
The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.
Successfully exploiting VMware View Planner 4.x instances prior to 4.6 Security Patch 1 could allow remote attackers to upload arbitrary files via specially-crafted HTTP requests.
Last month, VMware addressed another vulnerability reported by Klyuchnikov, a critical RCE bug in the vCenter Server plugin affecting all default vCenter Client installations.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware said.
Attackers began mass scanning for vulnerable and Internet-exposed VMware vCenter servers within two days after security researchers published proof-of-concept exploit code.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)