CVE-2019-11642
HIGH
OneShield Policy (Dragon Core) <5.1.10 - Log Poisoning
Title source: llm
Description
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client-side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://oneshield.com/business-solutions/oneshield-pc-solutions/oneshield-policy/
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/May/1
Scores
CVSS v3: 8.8
EPSS: 0.0154
EPSS Percentile: 71.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-94
Status: published
Products (1): oneshield/oneshield_policy < 5.1.10
Published: May 08, 2019
Tracked Since: Feb 18, 2026