How I Found a CVE in LogRhythm | CVE-2021-41943

Dema Alsaif
Dec 11, 2022


Hello,

I am writing my first blog post to show how I got a CVE (HTML tag injection) in the LogRhythm Web Console, version 7.4.9.

LogRhythm Web Console

It is a SIEM platform that allows analysts to efficiently capture logs and use advanced analytics to surface known and unknown threats, all while automating manual tasks with embedded security orchestration, automation, and response (SOAR) capabilities.¹

How Did I Get It to Work?

Adding a new “Contextualize Actions” and injecting an HTML tag payload into the name field

Another Rendering Point

Going to the cases and adding a new note/comment will also render the injected HTML tags
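The fix for a stored name that is rendered in more than one view is output encoding at every rendering point. The following is an added example, not code from the original post or from LogRhythm; the sink names, markup and canary value are hypothetical and constructed for illustration.

```javascript
// Added example: renderers and markup are hypothetical, not LogRhythm code.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// "Before" renderers: the stored name is concatenated into markup as-is.
const vulnerableSinks = {
  actionMenu: (name) => `<li class="action">${name}</li>`,
  caseNote: (name) => `<div class="note">Action used: ${name}</div>`,
};

// "After" renderers: same templates, with the name encoded at output time.
const hardenedSinks = {
  actionMenu: (name) => `<li class="action">${escapeHtml(name)}</li>`,
  caseNote: (name) => `<div class="note">Action used: ${escapeHtml(name)}</div>`,
};

// Regression check: push a harmless canary tag through every sink and
// return the names of the sinks that emit it unencoded.
const CANARY = '<b id="canary-7f3a">x</b>'; // constructed sample value
function findUnescapedSinks(sinks) {
  return Object.keys(sinks).filter((key) => sinks[key](CANARY).includes(CANARY));
}

// A partially fixed build: one view patched, the second rendering point missed.
const partiallyFixed = {
  actionMenu: hardenedSinks.actionMenu,
  caseNote: vulnerableSinks.caseNote,
};

console.log("vulnerable:", findUnescapedSinks(vulnerableSinks));
console.log("partial fix:", findUnescapedSinks(partiallyFixed));
console.log("hardened:", findUnescapedSinks(hardenedSinks));
```

Running the check against every view that displays the field catches the case where one screen is patched and a second rendering point is left unencoded.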

Thanks for reading!

[1]: Client Console Analyst Guide https://docs.logrhythm.com/docs/enterprise/client-console-analyst-guide
