The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware’s View Planner web application. Security experts say nation-state hackers and others can potentially leverage highly critical vulnerabilities for large-scale compromises, security experts say. In February, the U.S. National Security Agency warned that Russian state-sponsored threat actors were attempting to exploit a vulnerability in several VMware products.”]
Source: https://www.cuinfosecurity.com/vmware-patches-vulnerability-on-view-planner-a-16126