-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2893
  VMSA-2021-0019 - VMware vRealize Log Insight updates address Cross Site
              Scripting (XSS) vulnerability (CVE-2021-22021)
                              26 August 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Log Insight
                   VMware Cloud Foundation
Publisher:         VMware
Operating System:  VMware ESX Server
                   Virtualisation
Impact/Access:     Cross-site Scripting -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-22021  

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2021-0019.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID: VMSA-2021-0019
CVSSv3 Range: 6.5
Issue Date: 2021-08-24
Updated On: 2021-08-24 (Initial Advisory)
CVE(s): CVE-2021-22021
Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting
(XSS) vulnerability (CVE-2021-22021)


1. Impacted Products

  o VMware vRealize Log Insight
  o VMware Cloud Foundation

2. Introduction

A cross-site scripting vulnerability in VMware vRealize Log Insight was
privately reported to VMware. Updates are available to remediate this
vulnerability in affected VMware products.

3. VMware vRealize Log Insight updates address a Cross Site Scripting (XSS)
vulnerability (CVE-2021-22021)

Description

VMware vRealize Log Insight contains a Cross Site Scripting (XSS) vulnerability
due to improper user input validation. VMware has evaluated the severity of
this issue to be in the Moderate severity range with a maximum CVSSv3 base
score of 6.5.

Known Attack Vectors

An attacker with user privileges may be able to inject a malicious payload via
the Log Insight UI which would be executed when the victim accesses the shared
dashboard link.
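The advisory names the defect class (user input reaching the UI without proper validation or encoding) but not the affected code. As an added illustration that is not VMware's code, the renderer below takes a user-supplied dashboard name and shows the unsafe pattern beside its hardened form: encode free text at the output boundary and constrain identifiers to the format the application itself issues. The dashboard id, name, URL path and hostile sample string are constructed for the example.

```javascript
// Added example, not VMware's code: a minimal renderer for a "shared
// dashboard" page that takes a user-supplied dashboard name.  The unsafe
// variant reproduces the defect class the advisory describes (untrusted
// input placed into markup without encoding); the safe variant encodes at
// the output boundary.  Dashboard ids, names and the URL path are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content or a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the name is interpolated verbatim into two contexts
// (element text and an attribute), so any markup in it becomes live.
function renderSharedDashboardUnsafe(dashboard) {
  return `<h1>${dashboard.name}</h1>` +
    `<a href="/dashboards/${dashboard.id}" title="${dashboard.name}">open</a>`;
}

// Hardened pattern: validate the identifier against the format the
// application itself issues, and encode the free-text field on output.
function renderSharedDashboardSafe(dashboard) {
  if (!/^[A-Za-z0-9-]{1,64}$/.test(dashboard.id)) {
    throw new Error('invalid dashboard id');
  }
  const name = escapeHtml(dashboard.name);
  return `<h1>${name}</h1>` +
    `<a href="/dashboards/${dashboard.id}" title="${name}">open</a>`;
}

// Review helper: the template emits exactly four tag tokens (<h1>, </h1>,
// <a>, </a>).  Any other count means user data opened a tag of its own.
function countTagStarts(html) {
  return (html.match(/</g) || []).length;
}

const EXPECTED_TAG_STARTS = 4;

// Constructed hostile input of the textbook kind (not the reported payload).
const sample = { id: 'dash-42', name: '"><script>alert(1)</script>' };

console.log('unsafe tag starts:', countTagStarts(renderSharedDashboardUnsafe(sample))); // 8
console.log('safe   tag starts:', countTagStarts(renderSharedDashboardSafe(sample)));   // 4
```

The tag-count helper is the kind of property a unit test can pin: the number of tags in the rendered page must not depend on the data. Output encoding is the fix; a Content-Security-Policy that disallows inline script is a separate, defence-in-depth layer and does not replace it.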

Resolution

To remediate CVE-2021-22021 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Marcin Kot of Prevenity and Tran Viet
Quang of Vantage Point Security for independently reporting this vulnerability
to us.

Response Matrix

Product                      Version                    Running On         CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
VMware vRealize Log Insight  8.4                        Virtual Appliance  N/A             N/A     N/A       Unaffected     N/A          N/A
VMware vRealize Log Insight  8.3                        Virtual Appliance  CVE-2021-22021  6.5     moderate  KB85414        None         None
VMware vRealize Log Insight  8.2                        Virtual Appliance  CVE-2021-22021  6.5     moderate  KB85412        None         None
VMware vRealize Log Insight  8.1.1, 8.1.0, 8.0.0, 4.x   Virtual Appliance  CVE-2021-22021  6.5     moderate  KB85405        None         None

Impacted Product Suites that Deploy Response Matrix Components


Product                         Version  Running On         CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
VMware Cloud Foundation (vRLI)  4.x      Virtual Appliance  CVE-2021-22021  6.5     moderate  4.3            None         None

4. References

Fixed Version(s) and Release Notes:


VMware vRealize Log Insight 8.4.0

Downloads and Documentation:

https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VRLI-840&productId=1141&rPId=68060

https://docs.vmware.com/en/vRealize-Log-Insight/8.4/rn/vRealize-Log-Insight-84.html

 

VMware vRealize Log Insight

8.3: https://kb.vmware.com/s/article/85414

8.2: https://kb.vmware.com/s/article/85412

8.1.1: https://kb.vmware.com/s/article/85405

 

VMware Cloud Foundation 4.3

Downloads and Documentation:
https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3/rn/VMware-Cloud-Foundation-43-Release-Notes.html

 

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22021

 

FIRST CVSSv3 Calculator:
CVE-2021-22021: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L


5. Change Log

2021-08-24 VMSA-2021-0019
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----