{"vuid":"VU#846103","idnumber":"846103","name":"Sungard eTRAKiT3 may be vulnerable to SQL injection","keywords":["sqli"],"overview":"According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.","clean_desc":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-6566 According to the reporter, the valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. According to the reporter, eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.","impact":"A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.","resolution":"Apply a patch Sungard has provided the following statement: SunGard Public Sector appreciates that this issue has been brought to our attention. Our development team has addressed this report with a patch release. Please contact the SunGard Public Sector TRAKiT Solutions division to request the patch release. (858) 451-3030. However, affected users may also consider the following workaround:","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Illumant for reporting this vulnerability.","author":"This document was written by Garret Wassermann.","public":["h","t","t","p",":","/","/","w","w","w",".","s","u","n","g","a","r","d","p","s",".","c","o","m","/","s","o","l","u","t","i","o","n","s","/","t","r","a","k","i","t","/"],"cveids":["CVE-2016-6566"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-10-14T15:21:37Z","publicdate":"2016-12-06T00:00:00Z","datefirstpublished":"2016-12-06T16:15:20Z","dateupdated":"2016-12-12T14:00:25Z","revision":34,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8","cvss_environmentalscore":"5.9842549872","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}