Impact
The vulnerability arises from improper output neutralization for logs in upKeeper Solutions' upKeeper Instant Privilege Access on Windows. Attackers can inject arbitrary characters into log entries, leading to log tampering, forging, and deception. The flaw maps to CWE‑117. Log injection permits falsification of audit trails, thus undermining the integrity and reliability of system logs, which can compromise forensic investigations and hinder detection of other malicious activity.
Affected Systems
Affected products include upKeeper Solutions' upKeeper Instant Privilege Access on Windows, all releases through version 1.6.1. Enterprises running any of these versions are exposed to the log‑injection risk.
Risk and Exploitability
Based on the description, it is inferred that an attacker could inject arbitrary characters into log entries via any input path that is reflected into the logs. With a CVSS base score of 7.9 the flaw is considered high severity, and while it is not listed in the CISA KEV catalog, EPSS data is unavailable, so the current exploitation probability cannot be precisely quantified. Nevertheless, because the injection occurs in log processing, any user or process that can deliver input to the application might trigger the flaw, potentially allowing forged log records that mislead monitoring and forensic efforts.
OpenCVE Enrichment