CVE-2021-22035

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

Published: Oct 13, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22035
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
vmware / cloud_foundation	4.0.0	4.3.1.x
vmware / vrealize_log_insight	8.0.0.x	8.60
vmware / vrealize_suite_lifecycle_manager	8.0.0	8.2.x

https://www.vmware.com/security/advisories/VMSA-2021-0022.html

Vulnerability Database

289,697

CVE-2021-22035