Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-p728-xw8r-5f6m

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

Ссылки

EPSS

Процентиль: 50%
0.00267
Низкий

CVE ID

CVE-2021-22035

Дефекты

CWE-74

Связанные уязвимости

nvd логотип

CVE-2021-22035

CVSS3: 4.3
nvd
больше 4 лет назад

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.

fstec логотип

BDU:2022-05015

CVSS3: 4.3
fstec
больше 4 лет назад

Уязвимость функции экспорта средства управления журналами vRealize Log Insight, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

EPSS

Процентиль: 50%
0.00267
Низкий

CVE ID

CVE-2021-22035

Дефекты

CWE-74