PT-2019-12446 · Oneshield · Oneshield Policy

Ghost

+1

Published: 2019-05-08

Updated: 2020-08-24

CVE-2019-11642

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OneShield Policy (Dragon Core) versions prior to 5.1.10

Description

A log poisoning issue has been found, allowing authenticated remote adversaries to poison log files by entering malicious payloads in either headers or form elements, which are then executed via a client-side debugging console. This issue is dependent on the debugging console and Java Bean being accessible to the deployed application.

Recommendations

For versions prior to 5.1.10, update to version 5.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the debugging console and Java Bean to minimize the risk of exploitation.

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2019-11642

Affected products

Oneshield Policy