CVSS2 | 8.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |

CVSS3 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

EPSS | 0.002 Low |
---|---|
Percentile | 56.0% |

Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities.
**CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) - CVE-2016-5653**

According to the reporter, an authenticated but low-privileged user may exploit a SQL Injection in the “ID” and “Branch” parameters of a search and enumerate the full database.

**CWE-280: Improper Handling of Insufficient Permissions or Privileges - CVE-2016-5654**

According to the reporter, a remote authenticated attacker able to execute a man-in-the-middle attack may be able to tamper with the “xmlMessageOut” parameter of a client POST request to escalate privileges to administrator.

**CWE-295: Improper Certificate Validation - CVE-2016-5655**

According to the reporter, a remote unauthenticated attacker able to execute a man-in-the-middle attack may be able to present an alternate SSL certificate and therefore decrypt all traffic between the client and FusionCapital Opics Plus server.

Misys has responded to these issues with the following statement:
_Misys has analysed the reported vulnerabilities and determined that they could relate to a specific older version, but not for all versions, of one of our applications, with the matter being rectified with a user configuration change or non-emergency software patch. In short, we identified that the sql injection vulnerability is true positive and the other two reported vulnerabilities are misconfigurations. For more information, our Opics clients are being directed to contact their Misys Customer Advocate._
An authenticated attacker may be able to escalate privileges to administrator, or perform full searches on the database. An unauthenticated attacker may be able to decrypt SSL traffic between the client and server.
The CERT/CC is currently unaware of a practical solution to this problem.
Restrict Network Access
As a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product’s manual for more information.
682704
Notified: April 26, 2016 Updated: July 29, 2016
Statement Date: July 27, 2016
Affected
Misys has analysed the reported vulnerabilities and determined that they could relate to a specific older version, but not for all versions, of one of our applications, with the matter being rectified with a user configuration change or non-emergency software patch. In short, we identified that the sql injection vulnerability is true positive and the other two reported vulnerabilities are misconfigurations. For more information, our Opics clients are being directed to contact their Misys Customer Advocate.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Temporal | 7.7 | E:POC/RL:U/RC:C |
Environmental | 2.2 | CDP:H/TD:L/CR:H/IR:H/AR:H |
Thanks to Wissam Bashour for reporting this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2016-5653, CVE-2016-5654, CVE-2016-5655 |
---|---|
Date Public: | 2016-07-19 Date First Published: |