CVE-2019-11642

Published: May 8, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.

Affected (1)

Products: Oneshield: Oneshield Policy

1 product

Oneshield Policy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oneshield Oneshield Policy	Before 5.1.10

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://seclists.org/fulldisclosure/2019/May/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/

Source: cve@mitre.org

ProductVendor Advisory

http://seclists.org/fulldisclosure/2019/May/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.