CVE-2021-1474
Published: 08 April 2021
Summary
CVE-2021-1474 is a medium-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Cisco Umbrella. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 43.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-6941
Vulnerability details
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see…
more
the Details section of this advisory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.