Not a critical flaw, but it is commonly found in web UI applications – VMware vRealize Log Insight (CVE-2021-22021) – 24-8-2021

Preface: Log event collection without data normalization is hard to manage, and it will drive you crazy. If you do not have log event aggregation and correlation functions, your IT life will not be easy.

Background: vRealize Log Insight delivers indexing and machine-learning-based Intelligent Grouping to enable searching, for faster troubleshooting across physical, virtual and cloud environments.

Security requirements recommended by the vendor in the user guide (Log-insight-getting-start-guide):
To ensure that your virtual environment is protected from external attacks, you must observe certain rules.
– Always install vRealize Log Insight in a trusted network.
– Always save vRealize Log Insight support bundles in a secure location.

Vulnerability details: VMware vRealize Log Insight contains a cross-site scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI, which would be executed when the victim accesses the shared dashboard link.

Reference: Input validation is the first step of checking the type and content of data supplied by a user or application. Improper input validation is a major factor in many web security vulnerabilities, including cross-site scripting (XSS) and SQL injection.
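An added example, not VMware's code and not taken from the advisory, contrasting the vulnerable pattern the advisory describes (user-controlled dashboard text concatenated straight into the page served by a shared link) with allow-list input validation plus contextual output encoding. The dashboard fields, the allow-list regex and the sample payload are constructed assumptions.

```javascript
// Output encoding: escape the five characters that matter in HTML text
// and double-/single-quoted attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Input validation (assumed policy): a dashboard name is 1-64 characters of
// letters, digits, underscore, space, dot, hyphen or parentheses. Anything
// else is rejected at save time, before it is ever stored or shared.
const DASHBOARD_NAME_RE = /^[\w .\-()]{1,64}$/;
function isValidDashboardName(name) {
  return DASHBOARD_NAME_RE.test(String(name));
}

// Vulnerable pattern: stored, user-supplied strings interpolated into markup
// with no encoding. Whoever opens the shared link renders the payload.
function renderSharedDashboardUnsafe(dashboard) {
  return `<h1>${dashboard.name}</h1><p>Shared by ${dashboard.owner}</p>`;
}

// Hardened pattern: encode every untrusted value on the way out. This holds
// even if the input-side check above was skipped (defense in depth).
function renderSharedDashboardSafe(dashboard) {
  return `<h1>${escapeHtml(dashboard.name)}</h1>` +
         `<p>Shared by ${escapeHtml(dashboard.owner)}</p>`;
}

// Detection helper for a review or test suite: does rendered HTML still
// contain a live script tag originating from user data?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: a saved dashboard whose name carries a script tag.
const sampleDashboard = { name: "<script>alert(1)</script>", owner: "alice" };

// Stand-alone demonstration.
console.log("valid name?", isValidDashboardName(sampleDashboard.name)); // false
console.log("unsafe:", renderSharedDashboardUnsafe(sampleDashboard));
console.log("safe:  ", renderSharedDashboardSafe(sampleDashboard));
```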

Remediation: Official announcement by vendor – https://www.vmware.com/security/advisories/VMSA-2021-0019.html
