Notified:  April 26, 2016 Updated: July 29, 2016

Statement Date:   July 27, 2016

Status

Affected

Vendor Statement

Misys has analysed the reported vulnerabilities and determined that they could relate to a specific older version, but not for all versions, of one of our applications, with the matter being rectified with a user configuration change or non-emergency software patch. In short, we identified that the sql injection vulnerability is true positive and the other two reported vulnerabilities are misconfigurations. For more information, our Opics clients are being directed to contact their Misys Customer Advocate.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.