A vulnerability that lets an attacker with normal user privileges inject malicious code into the vRLi interface.
Affected products:
vRealize Log Insight 4.x, 8.0 to 8.3
vCF vRLi v 4.x
Solutions:
Apply the relevant updates to the affected versions
vCF vRLi 4.x update to 4.3
vRLi 8.3 KB85414
vRLi 8.2 KB85412
vRLi 4.x, 8.0, 8.1, 8.1.1 KB85405
Advisory ID: VMSA-2021-0019
Range: 6.5
Issue Date: 2021-08-24
CVE(s): CVE-2021-22021
Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability (CVE-2021-22021)
Known Attack Vectors
An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Resolution
vCF vRLi 4.x update to 4.3
vRLi 8.3 KB85414
vRLi 8.2 KB85412
vRLi 4.x, 8.0, 8.1, 8.1.1 KB85405
For more details: VMSA-2021-0019/VMSA-2021–0019.html