RSS   Vulnerabilities for 'Alliance web platform'   RSS

2019-07-05
 
CVE-2018-16386

CWE-74
 

 
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.

 


Copyright 2024, cxsecurity.com

 

Back to Top