{"vuid":"VU#742632","idnumber":"742632","name":"Sage XRT Treasury database fails to properly restrict access to authorized users","keywords":["sage","treasury","authorization bypass"],"overview":"Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.","clean_desc":"CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183 Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database.","impact":"A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database.","resolution":"Apply an upgrade. The vendor has indicated that XRT Treasury version 4 addresses this issue.\nUsers are encouraged to update to the latest release and to encrypt connections to the database server.","workarounds":"","sysaffected":"","thanks":"Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["https://cwe.mitre.org/data/definitions/639.html","http://www.sagetreasury.com/Products/Sage%20XRT%20Treasury"],"cveids":["CVE-2017-3183"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-12-02T21:11:27Z","publicdate":"2017-02-28T00:00:00Z","datefirstpublished":"2017-02-28T15:04:05Z","dateupdated":"2017-02-28T15:04:06Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"7","cvss_environmentalscore":"5.3044065648","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}