CVE-2021-22055

CWE-74 | 3 documents | 3 sources
Severity: 5.3 MEDIUM
EPSS: 0.2% (top 61.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 11
Latest update: Apr 12

Description

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: vmware/photon_os < 2022-02-16
CVEListV5: photon_os Master build

Vulnerability Details (2)

GHSA
GHSA-f4j4-c7rv-68cx: The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter (2022-04-12)
CVEList
CVE-2021-22055: The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter (2022-04-11)