CVE-2021-1474

Name of the Vulnerable Software and Affected Versions: Cisco Umbrella (affected versions not specified)

Description: The issue concerns multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella. These vulnerabilities could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. The vulnerability is also related to a lack of neutralization of elements in a CSV file, which could allow a remote attacker to execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.