Log Injection Vulnerability in SWIFT Alliance Web Platform 7.1.23

Log Injection Vulnerability in SWIFT Alliance Web Platform 7.1.23

CVE-2018-16386 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.

Learn more about our Web App Pen Testing.