Vulnerabilities > CVE-2021-36334 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell EMC Cloud Link

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

dell

CWE-1236

NVD

Published: 2021-11-23

Updated: 2021-11-27

Summary

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell EMC Cloud Link *	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app