Security Advisory

CVE-2018-16386

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-07-05 19:58:09
Last updated 2024-08-05 10:24:32
Assigner mitre
State PUBLISHED

Description

An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.