Lucene search

VmwareCVELIST:CVE-2021-22035

HistoryOct 13, 2021 - 3:50 p.m.

CVE-2021-22035

2021-10-1315:50:54

vmware

www.cve.org

vmware

log insight

csv injection

vulnerability

interactive analytics

export

authenticated

non-administrative

privileges

untrusted data

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user’s environment.

CNA Affected

[
  {
    "product": "VMware vRealize Log Insight",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware vRealize Log Insight (8.x prior to 8.6)"
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2021-0022.html