-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2893
   VMSA-2021-0019 - VMware vRealize Log Insight updates address Cross Site
               Scripting (XSS) vulnerability (CVE-2021-22021)
                               26 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Log Insight
                   VMware Cloud Foundation
Publisher:         VMware
Operating System:  VMware ESX Server
                   Virtualisation
Impact/Access:     Cross-site Scripting -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-22021

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2021-0019.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID:   VMSA-2021-0019
CVSSv3 Range:  6.5
Issue Date:    2021-08-24
Updated On:    2021-08-24 (Initial Advisory)
CVE(s):        CVE-2021-22021
Synopsis:      VMware vRealize Log Insight updates address Cross Site
               Scripting (XSS) vulnerability (CVE-2021-22021)

1. Impacted Products

  o VMware vRealize Log Insight
  o VMware Cloud Foundation

2. Introduction

A cross-site scripting vulnerability in VMware vRealize Log Insight was
privately reported to VMware. Updates are available to remediate this
vulnerability in affected VMware products.

3. VMware vRealize Log Insight updates address a Cross Site Scripting (XSS)
   vulnerability (CVE-2021-22021)

Description

VMware vRealize Log Insight contains a Cross Site Scripting (XSS)
vulnerability due to improper user input validation. VMware has evaluated
the severity of this issue to be in the Moderate severity range with a
maximum CVSSv3 base score of 6.5.

Known Attack Vectors

An attacker with user privileges may be able to inject a malicious payload
via the Log Insight UI which would be executed when the victim accesses the
shared dashboard link.
Resolution

To remediate CVE-2021-22021 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Marcin Kot of Prevenity and Tran Viet Quang of
Vantage Point Security for independently reporting this vulnerability to us.

Response Matrix

Product      Version    Running    CVE             CVSSv3  Severity  Fixed       Workarounds  Additional
                        On         Identifier                        Version                  Documentation
-----------------------------------------------------------------------------------------------------------
VMware       8.4        Virtual    N/A             N/A     N/A       Unaffected  N/A          N/A
vRealize                Appliance
Log Insight
VMware       8.3        Virtual    CVE-2021-22021  6.5     moderate  KB85414     None         None
vRealize                Appliance
Log Insight
VMware       8.2        Virtual    CVE-2021-22021  6.5     moderate  KB85412     None         None
vRealize                Appliance
Log Insight
VMware       8.1.1,     Virtual    CVE-2021-22021  6.5     moderate  KB85405     None         None
vRealize     8.1.0,     Appliance
Log Insight  8.0.0
             and 4.x

Impacted Product Suites that Deploy Response Matrix Components

Product      Version    Running    CVE             CVSSv3  Severity  Fixed       Workarounds  Additional
                        On         Identifier                        Version                  Documentation
-----------------------------------------------------------------------------------------------------------
VMware       4.x        Virtual    CVE-2021-22021  6.5     moderate  4.3         None         None
Cloud                   Appliance
Foundation              (vRLI)

4. References

Fixed Version(s) and Release Notes:

VMware vRealize Log Insight 8.4.0
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VRLI-840&productId=1141&rPId=68060
https://docs.vmware.com/en/vRealize-Log-Insight/8.4/rn/vRealize-Log-Insight-84.html

VMware vRealize Log Insight
8.3:   https://kb.vmware.com/s/article/85414
8.2:   https://kb.vmware.com/s/article/85412
8.1.1: https://kb.vmware.com/s/article/85405

VMware Cloud Foundation 4.3
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3/rn/VMware-Cloud-Foundation-43-Release-Notes.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22021

FIRST CVSSv3 Calculator:
CVE-2021-22021:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

5. Change Log

2021-08-24 VMSA-2021-0019
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYScwqeNLKJtyKPYoAQh77g/6A7dFPTkfRF5QzCSLCBoAFB7xcqOVxPLj
ES2BY+p3IcYLdRDI0ob2c1haarK2TvMicCXDibYUNWUuRB6LGRZSJezNHVT4XUbV
F5/aUmq3C80FRu1vOl/eSp8v0DvDFLo68nd1yIlTEloTiWKJ97pQGJ9YqBe/WO7+
0NUaKN+u+73oxlcLm1NrUp/joCcgvNGev//dRe+JmxjuC+HNKN22AH+FBfFA4aI7
A8SjmUSn3hIajQRDnjE4jsxo8eBtL3Qx5lviRvdjyI9ZFTOneKwIuV24PmFA9EQQ
UcS4g1Ic/eNFYVIUHV5iNJrMNLON0qbU45vDHmccISD7PkTXUuA2wI2OroYhxcYn
RIND9hNIl3mdRQ7gmo3Dqg1+nxQIpWM7qIAnplClGO6hFqG/YbQCkXH5p6mbIOb3
bzShIHLEGrpdu5IC0vXugTbyong5RC70N6nKBHk85q0Ya+Pl/u72ke/6eyUPq2MM
r3MzSraBGqIzLufLJxwcI2PuJIU8blGgyFySjM4Rrh05rO4TDpFB4km9P0euduig
b6A0aNykK+xL46VhxbzGG5vSn/oJb1Br1Pr8vptRKUoZNK6SPe/XWGFaXsneoeWv
95qvCnQLQFtMIYLD9lXVZ0AiU31kCiADTqtX/8QnWjnTc7mkEwG6uvGZfyCzI2r8
LkCLg0CBKRw=
=kbEP
-----END PGP SIGNATURE-----