PT-2021-7278 · VMware · VMware vRealize Log Insight

Tran Viet Quang · Published 2021-10-12 · Updated 2021-10-20 · CVE-2021-22035

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

VMware vRealize Log Insight versions 8.0 through 8.5

Description

The issue is related to a CSV injection vulnerability in the interactive analytics export function of VMware vRealize Log Insight. This vulnerability can be exploited by an authenticated malicious actor with non-administrative privileges, who may embed untrusted data prior to exporting a CSV sheet. This embedded data could be executed in the user's environment, potentially compromising the integrity of protected information.

Recommendations

For versions 8.0 through 8.5, update to version 8.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the interactive analytics export function until a patch is available.

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2022-05015
CVE-2021-22035

Affected Products

VMware vRealize Log Insight