CVE-2021-1474
MEDIUMCisco Umbrella - Authenticated Formula and Link Injection in Admin Audit Log Export and Scheduled Reports
Title source: llmDescription
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-inject-gbZGHP5T
Scores
CVSS v3
6.5
EPSS
0.0064
EPSS Percentile
45.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1236
Status
published
Products (1)
cisco/umbrella
Published
Apr 08, 2021
Tracked Since
Feb 18, 2026