Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM52F6C2A704E4A19BFC9C488BB67BA9BB70F450D89161F46235AEBE24AE459155
HistoryJan 28, 2021 - 7:16 p.m.

Security Bulletin: Log injection is possible in Daeja ViewONE Professional, Standard & Virtual

2021-01-2819:16:14
www.ibm.com
12
ibm
daeja viewone
log injection

EPSS

0.001

Percentile

44.4%

JSON

Summary

A specially crafted request or annotation in ViewONE could inject a realistic looking log line.

Vulnerability Details

CVEID: CVE-2017-1210**
DESCRIPTION:** IBM Daeja ViewONE Professional, Standard & Virtual could allow an unathenticated attacker to inject data into log files made to look legitimate.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123850 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Product Name

|

Affected Versions

—|—
Daeja ViewONE Virtual| 5.0.0
Daeja ViewONE Professional, Standard & Virtual| 4.1.5

Remediation/Fixes

Customer should apply the version of ViewONE that contains the fixes.

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—
Daeja ViewONE Virtual| 5.0.0| NA| Use IBM Daeja ViewONE Virtual 5.0.2.0 iFix001
Daeja ViewONE Professional, Standard & Virtual| 4.1.5| NA| Use IBM Daeja ViewONE 4.1.5.1 iFix022

Workarounds and Mitigations

None

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2017-1210
2017-10-24 21:29:00
prion
prion
Code injection
2017-10-24 21:29:00
cvelist
cvelist
CVE-2017-1210
2017-10-24 21:00:00
nvd
nvd
CVE-2017-1210
2017-10-24 21:29:00

EPSS

0.001

Percentile

44.4%

JSON
Related for 52F6C2A704E4A19BFC9C488BB67BA9BB70F450D89161F46235AEBE24AE459155
cve1prion1cvelist1nvd1