Code injection

2022-04-1120:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

The SchedulerServer in Vmware photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries.

CPENameOperatorVersion
photon_oseq< 2022216

CPE	Name	Operator	Version
	photon_os	eq	< 2022216

References

github.com/vmware/photon/wiki/log_injection_vulnerability