VMware vRealize Log Insight (8.x before 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware cloud foundation |
||
vmware vrealize log insight |
||
vmware vrealize suite lifecycle manager |