CVE-2021-22035
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyección de CSV (Valores Separados por Comas) en la función interactive analytics export. Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podría ser ejecutada en el entorno del usuario
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-10-13 CVE Published
- 2023-05-06 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0022.html | 2021-10-20 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Cloud Foundation Search vendor "Vmware" for product "Cloud Foundation" | >= 4.0.0 <= 4.3.1 Search vendor "Vmware" for product "Cloud Foundation" and version " >= 4.0.0 <= 4.3.1" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vrealize Log Insight Search vendor "Vmware" for product "Vrealize Log Insight" | > 8.0.0 < 8.60 Search vendor "Vmware" for product "Vrealize Log Insight" and version " > 8.0.0 < 8.60" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vrealize Suite Lifecycle Manager Search vendor "Vmware" for product "Vrealize Suite Lifecycle Manager" | >= 8.0.0 <= 8.2 Search vendor "Vmware" for product "Vrealize Suite Lifecycle Manager" and version " >= 8.0.0 <= 8.2" | - |
Affected
|