An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-116,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| swift | alliance_web_platform | 7.1.23 |