Tran Viet Quang

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Log Insight versions 8.0 through 8.5 **Description** The issue is related to a CSV injection vulnerability in the interactive analytics export function of VMware vRealize Log Insight. This vulnerability can be exploited by an authenticated malicious actor with non-administrative privileges, who may embed untrusted data prior to exporting a CSV sheet. This embedded data could be executed in the user's environment, potentially compromising the integrity of protected information. **Recommendations** For versions 8.0 through 8.5, update to version 8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the interactive analytics export function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VMware vRealize Log Insight versions 8.x prior to 8.4 **Description** The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be executed when the victim accesses the shared dashboard link, potentially impacting the confidentiality and integrity of protected information. The vulnerability can be exploited by a remote attacker using a specially crafted link. **Recommendations** For versions 8.x prior to 8.4, update to version 8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Insight UI to minimize the risk of exploitation. Avoid sharing dashboard links from untrusted sources until the issue is resolved.