Vulnerabilities > CVE-2021-36334 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell EMC Cloud Link

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dell

CWE-1236

NVD

Published: 2021-11-23

Updated: 2021-11-27

Summary

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell EMC Cloud Link *	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app