Data Injection Vulnerability in IBM Daeja ViewONE by IBM
CVE-2017-1210

7.5HIGH

Key Information:

Vendor: IBM
Status: Daeja Viewone
Vendor: CVE Published:; 24 October 2017

Summary

The vulnerability in IBM Daeja ViewONE allows unauthenticated attackers to inject harmful data into log files, disguising it to appear legitimate. This manipulation can undermine the integrity of system logs and potentially facilitate further attacks or unauthorized access. Organizations using Daeja ViewONE must act promptly to safeguard their systems against this exploit.

Affected Version(s)

Daeja ViewONE 4.1.5.1

Daeja ViewONE 5.0.2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123850

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22008009

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2017
Vulnerability Reserved
Nov 30, 2016