3. VMware vRealize Log Insight CSV injection vulnerability (CVE-2021-22035)
VMware vRealize Log Insight contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
customerconnect.vmware.com/downloads/details?downloadGroup=VRLI-860&productId=938&rPId=75107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22035
docs.vmware.com/en/vRealize-Log-Insight/8.6/rn/vRealize-Log-Insight-86.html
ikb.vmware.com/s/article/85990
kb.vmware.com/s/article/85985
kb.vmware.com/s/article/85989
kb.vmware.com/s/article/85992
kb.vmware.com/s/article/86000
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L