VMware vRealize Log Insight updates address CSV injection vulnerability (CVE-2021-22035)

2021-10-1200:00:00

www.vmware.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

3. VMware vRealize Log Insight CSV injection vulnerability (CVE-2021-22035)

VMware vRealize Log Insight contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.

CPENameOperatorVersion
vmware vrealize log insighteq8.4.1
vmware vrealize log insighteq8.4.0
vmware vrealize log insighteq8.3
vmware vrealize log insighteq8.2
vmware vrealize log insighteq8.1.1
vmware vrealize log insighteq8.1.0
vmware vrealize log insighteq8.0.0
vmware vrealize log insighteq4.x
vmware cloud foundation (vrli)eq4.x
vrealize suite lifecycle manager (vrli)eq8.x

Name	Operator	Version
vmware vrealize log insight	eq	8.4.1
vmware vrealize log insight	eq	8.4.0
vmware vrealize log insight	eq	8.3
vmware vrealize log insight	eq	8.2
vmware vrealize log insight	eq	8.1.1
vmware vrealize log insight	eq	8.1.0
vmware vrealize log insight	eq	8.0.0
vmware vrealize log insight	eq	4.x
vmware cloud foundation (vrli)	eq	4.x
vrealize suite lifecycle manager (vrli)	eq	8.x