
CERT Coordination Center


Sungard eTRAKiT3 may be vulnerable to SQL injection

Vulnerability Note VU#846103

Original Release Date: 2016-12-06 | Last Revised: 2016-12-12

Overview

According to the reporter, Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection, which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.

Description

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-6566

According to the reporter, the valueAsString parameter inside the JSON payload carried by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query, which may then be executed by the back-end server. According to the reporter, eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
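As an added illustration of the neutralization CWE-89 asks for (this is not eTRAKiT code; the real handler's internals are not public), the following Python handler extracts valueAsString from the JSON in the ucLogin_txtLoginId_ClientStat POST parameter, refuses anything outside a positive allowlist, and binds the value as a query parameter rather than splicing it into SQL text. The allowlist pattern, the SQLite user table, and the sample POST body are assumptions constructed for the example.

```python
import json
import re
import sqlite3
from typing import Optional
from urllib.parse import parse_qs

# Names from the advisory: the login form posts ucLogin_txtLoginId_ClientStat,
# whose value is a JSON object carrying the login id under valueAsString.
POST_PARAM = "ucLogin_txtLoginId_ClientStat"
JSON_KEY = "valueAsString"
# Assumed allowlist for a login id: letters, digits, dot, underscore, hyphen; 1-64 chars.
LOGIN_ID_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
# Constructed sample POST body, i.e. ucLogin_txtLoginId_ClientStat={"valueAsString":"jdoe"}
SAMPLE_BODY = "ucLogin_txtLoginId_ClientStat=%7B%22valueAsString%22%3A%22jdoe%22%7D"


def extract_login_id(post_body: str) -> Optional[str]:
    """Return valueAsString from the JSON in the POST parameter, or None when the
    parameter or key is missing, the JSON does not parse, or the value fails the
    allowlist. Positive validation is the neutralization step CWE-89 is about."""
    raw = parse_qs(post_body, keep_blank_values=True).get(POST_PARAM, [None])[0]
    if raw is None:
        return None
    try:
        payload = json.loads(raw)
    except ValueError:  # JSONDecodeError is a ValueError subclass
        return None
    value = payload.get(JSON_KEY) if isinstance(payload, dict) else None
    if not isinstance(value, str) or not LOGIN_ID_RE.fullmatch(value):
        return None
    return value


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login_id TEXT PRIMARY KEY, display_name TEXT)")
    conn.execute("INSERT INTO users VALUES ('jdoe', 'Jane Doe')")
    return conn


def lookup_user(conn: sqlite3.Connection, post_body: str) -> Optional[str]:
    """Display name for the posted login id, or None if the input was refused."""
    login_id = extract_login_id(post_body)
    if login_id is None:
        return None
    # The value is bound, never spliced into the SQL text, so it cannot change
    # the statement's structure even if it had slipped past the allowlist.
    row = conn.execute("SELECT display_name FROM users WHERE login_id = ?", (login_id,)).fetchone()
    return row[0] if row else None
```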

Impact

A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.

Solution

Apply a patch

Sungard has provided the following statement:

SunGard Public Sector appreciates that this issue has been brought to our attention. Our development team has addressed this report with a patch release. Please contact the SunGard Public Sector TRAKiT Solutions division to request the patch release. (858) 451-3030.

However, affected users may also consider the following workaround:

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not by itself prevent SQL injection, since the injected request can still be sent from a host that is allowed to connect. Restricting access would, however, prevent an attacker from reaching the web interface with stolen credentials from a blocked network location.

Vendor Information


Sungard

Notified: October 21, 2016 | Updated: December 12, 2016

Statement Date: December 09, 2016

Status

Affected

Vendor Statement

SunGard Public Sector appreciates that this issue has been brought to our attention. Our development team has addressed this report with a patch release. Please contact the SunGard Public Sector TRAKiT Solutions division to request the patch release. (858) 451-3030.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group          Score  Vector
Base           9.3    AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal       8.0    E:POC/RL:U/RC:UR
Environmental  6      CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Illumant for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2016-6566
Date Public: 2016-12-06
Date First Published: 2016-12-06
Date Last Updated: 2016-12-12 14:00 UTC
Document Revision: 33

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.