Remote Log Injection Vulnerability in SchedulerServer of VMware Photon

Remote Log Injection Vulnerability in SchedulerServer of VMware Photon

CVE-2021-22055 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

Learn more about our Cis Benchmark Audit For Server Software.