PT-2021-7541 · Vmware · Vmware Vrealize Log Insight

Marcin Kot (+1)

Published: 2021-08-30 · Updated: 2022-08-24

CVE-2021-22021

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight versions 8.x prior to 8.4

Description: The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be executed when the victim accesses the shared dashboard link, potentially impacting the confidentiality and integrity of protected information. The vulnerability can be exploited by a remote attacker using a specially crafted link.

Recommendations: For versions 8.x prior to 8.4, update to version 8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Log Insight UI to minimize the risk of exploitation. Avoid sharing dashboard links from untrusted sources until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-07429
CVE-2021-22021

Affected Products

Vmware Vrealize Log Insight