ID CVE-2016-5653 Type cve Reporter cve@mitre.org Modified 2016-11-28T20:28:00
Description
Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.
{"cert": [{"lastseen": "2019-10-09T19:49:51", "bulletinFamily": "info", "description": "### Overview \n\nMisys FusionCapital [Opics Plus](<https://www.misys.com/media/103101/fusioncapital_opics_swo.pdf>) is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities.\n\n### Description \n\n[**CWE-89**](<http://cwe.mitre.org/data/definitions/89.html>)**: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - **CVE-2016-5653\n\nAccording to the reporter, an authenticated but low privileged user may exploit a SQL Injection in the \"`ID`\" and \"`Branch`\" parameters of a search and enumerate the full database. \n \n[**CWE-280**](<http://cwe.mitre.org/data/definitions/280.html>)**: Improper Handling of Insufficient Permissions or Privileges - **CVE-2016-5654 \n \nAccording to the reporter, a remote authenticated attacker able to execute a man-in-the-middle attack may be able to tamper with the \"`xmlMessageOut`\" parameter of a client POST request to escalate privileges to administrator. \n \n[**CWE-295**](<http://cwe.mitre.org/data/definitions/295.html>)**: Improper Certificate Validation - **CVE-2016-5655 \n \nAccording to the reporter, a remote unauthenticated attacker able to execute a man-in-the-middle attack may be able to present an alternate SSL certificate and therefore decrypt all traffic between the client and FusionCapital Opics Plus server. \n \nMisys has responded to these issues with the following statement: \n \n`_Misys has analysed the reported vulnerabilities and determined that they could \nrelate to a specific older version, but not for all versions, of one of our \napplications, with the matter being rectified with a user configuration change \nor non-emergency software patch. In short, we identified that the sql \ninjection vulnerability is true positive and the other two reported \nvulnerabilities are misconfigurations. 
For more information, our Opics clients \nare being directed to contact their Misys Customer Advocate._` \n \n--- \n \n### Impact \n\nAn authenticated attacker may be able to escalate privileges to administrator, or perform full searches on the database. An unauthenticated attacker may be able to decrypt SSL traffic between the client and server. \n \n--- \n \n### Solution \n\nThe CERT/CC is currently unaware of a practical solution to this problem. \n \n--- \n \n**Restrict Network Access** \n \nAs a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product's manual for more information. \n \n--- \n \n### Vendor Information\n\n682704\n\n### Misys\n\nNotified: April 26, 2016 Updated: July 29, 2016 \n\n**Statement Date: July 27, 2016**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Misys has analysed the reported vulnerabilities and determined that they could \nrelate to a specific older version, but not for all versions, of one of our \napplications, with the matter being rectified with a user configuration change \nor non-emergency software patch. In short, we identified that the sql \ninjection vulnerability is true positive and the other two reported \nvulnerabilities are misconfigurations. 
For more information, our Opics clients \nare being directed to contact their Misys Customer Advocate.`\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 8.5 | AV:N/AC:M/Au:S/C:C/I:C/A:C \nTemporal | 7.7 | E:POC/RL:U/RC:C \nEnvironmental | 2.2 | CDP:H/TD:L/CR:H/IR:H/AR:H \n \n \n\n\n### References \n\n * <https://www.misys.com/media/103101/fusioncapital_opics_swo.pdf>\n * <https://cwe.mitre.org/data/definitions/89.html>\n * <https://cwe.mitre.org/data/definitions/280.html>\n * <https://cwe.mitre.org/data/definitions/295.html>\n\n### Acknowledgements\n\nThanks to Wissam Bashour for reporting this vulnerability.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-5653, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5653>) [CVE-2016-5654, ](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5654>) [CVE-2016-5655](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5655>) \n---|--- \n**Date Public:** | 2016-07-19 \n**Date First Published:** | 2016-07-19 \n**Date Last Updated: ** | 2016-08-08 14:22 UTC \n**Document Revision: ** | 45 \n", "modified": "2016-08-08T14:22:00", "published": "2016-07-19T00:00:00", "id": "VU:682704", "href": "https://www.kb.cert.org/vuls/id/682704", "type": "cert", "title": "Misys FusionCapital Opics Plus contains multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}]}