CVE-2021-37702
Published: 18 August 2021
Summary
CVE-2021-37702 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Pimcore. Its CVSS base score is 8.0 (High).
Operationally, it is ranked at the 11.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-1821
Vulnerability details
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.