{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T15:46:38.967","vulnerabilities":[{"cve":{"id":"CVE-2021-22035","sourceIdentifier":"security@vmware.com","published":"2021-10-13T16:15:07.690","lastModified":"2024-11-21T05:49:28.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment."},{"lang":"es","value":"VMware vRealize Log Insight (versiones 8.x anteriores a 8.6) contienen una vulnerabilidad de inyección de CSV (Valores Separados por Comas) en la función interactive analytics export. Un actor malicioso autenticado con privilegios no administrativos puede ser capaz de insertar datos no confiables antes de exportar una hoja CSV mediante Log Insight que podría ser ejecutada en el entorno del usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.3.1","matchCriteriaId":"67763E17-BABE-4A25-95BC-2B5F1666705C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*","versionStartExcluding":"8.0.0","versionEndExcluding":"8.60","matchCriteriaId":"BECE8925-3981-4FB9-979E-CDFC1A55A13F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.2","matchCriteriaId":"61B2C07D-4AD4-458B-86CA-FB2CA45A8EA7"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0022.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}