Design/Logic Flaw

2021-10-1316:15:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user’s environment.

CPENameOperatorVersion
cloud_foundationge4.0.0
cloud_foundationle4.3.1
vrealize_log_insightgt8.0.0
vrealize_log_insightlt8.60
vrealize_suite_lifecycle_managerge8.0.0
vrealize_suite_lifecycle_managerle8.2

Name	Operator	Version
cloud_foundation	ge	4.0.0
cloud_foundation	le	4.3.1
vrealize_log_insight	gt	8.0.0
vrealize_log_insight	lt	8.60
vrealize_suite_lifecycle_manager	ge	8.0.0
vrealize_suite_lifecycle_manager	le	8.2

References

www.vmware.com/security/advisories/VMSA-2021-0022.html