Vulnerability Details CVE-2018-16386
An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-16386
-
cpe:2.3:a:swift:alliance_web_platform:7.1.23