[German]VMware View Planner has several vulnerabilities, that can be used for Remote Code Execution (RCE). VMware has issued a warning and also security updates for View Planner.
Advertising
VMware`s View Planner may be used as a free tool for benchmarking desktop client and server-side performance in Virtual Desktop Infrastructure environments. Older versions are vulnerable, so attackers can abuse it for remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6. VMware has released security updates for View Planner to fix that vulnerabilities. I came across this topic be several mentions on IT sites, like the tweet below from Bleeping Computer.
Details about the remote code execution vulnerability (CVE-2021-21978) may be read within this VMware advisory.
