Impact
LogonTracer contains a Cypher injection vulnerability prior to version 2.0.0, allowing an attacker to alter the database contents by loading specially crafted Windows event log data. This flaw could enable unauthorized data modification, compromising the integrity of the application’s data store. The weakness falls under CWE‑943, reflecting unsanitized Cypher input that can be exploited during data ingestion.
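The class of flaw described above, as an added example that is not LogonTracer's own code: event log fields formatted into Cypher text, next to the parameterized form where the query text stays fixed. The graph schema, field names, event-ID mapping and sample events are assumptions constructed for illustration.

```python
# Added example: hypothetical schema and field names, not LogonTracer's code.

# Relationship types cannot be passed as Cypher parameters, so they are
# chosen from a fixed allowlist keyed by event ID (assumed mapping).
REL_BY_EVENT_ID = {4624: "LOGON_OK", 4625: "LOGON_FAIL"}


def build_unsafe(event):
    """Before: log fields are formatted straight into the query text."""
    return ("MERGE (u:User {name: '%s'}) MERGE (h:Host {name: '%s'})"
            % (event["user"], event["host"]))


def build_parameterized(event):
    """After: query text is fixed; log fields travel only as parameters."""
    rel = REL_BY_EVENT_ID.get(event["event_id"])
    if rel is None:
        raise ValueError("unsupported event id: %r" % (event["event_id"],))
    query = ("MERGE (u:User {name: $user}) "
             "MERGE (h:Host {name: $host}) "
             "MERGE (u)-[:%s]->(h)" % rel)
    params = {"user": str(event["user"]), "host": str(event["host"])}
    return query, params


def query_depends_on_data(builder, a, b):
    """True when two events of the same type yield different query text."""
    def text(q):
        return q[0] if isinstance(q, tuple) else q
    return text(builder(a)) != text(builder(b))


# Constructed sample events; the second user name carries a stray quote.
PLAIN = {"event_id": 4624, "user": "alice", "host": "WS01"}
QUOTED = {"event_id": 4624, "user": "svc'acct", "host": "WS01"}

if __name__ == "__main__":
    print(query_depends_on_data(build_unsafe, PLAIN, QUOTED))
    print(query_depends_on_data(build_parameterized, PLAIN, QUOTED))
    print(build_parameterized(QUOTED))
```

The `(query, params)` pair is the shape a Neo4j client library takes when running a parameterized statement; a check like `query_depends_on_data` can serve as a regression test over ingestion code.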
Affected Systems
The vulnerable product is LogonTracer, provided by the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). Any deployment running a version earlier than 2.0.0 is susceptible; no specific minor revisions are listed, so all pre‑2.0.0 releases are considered affected.
Risk and Exploitability
The CVSS score of 5.1 indicates medium risk, while an EPSS of less than 1 % suggests low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to supply crafted event log data that LogonTracer processes, which implies either local access to the system to influence log ingestion or an exposed interface that accepts logs from external sources. Once triggered, the attacker could modify database entries, potentially altering authentication traces or other audit information.
OpenCVE Enrichment