PT-2018-4962 · Sungard · Etrakit3

Published: 2018-07-13 · Updated: 2019-10-09 · CVE-2016-6566

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sungard eTRAKiT3 version 3.2.1.17

Description: The issue concerns the valueAsString parameter within the JSON payload of the ucLogin txtLoginId ClientStat POST parameter, which is not properly validated. This could allow an unauthenticated remote attacker to modify the POST request and insert SQL that the backend database server may execute.

Recommendations: For version 3.2.1.17, consider restricting access to the ucLogin txtLoginId ClientStat POST parameter until a fix is available, and avoid using the valueAsString parameter in the JSON payload to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
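The description and recommendations above concern a JSON field that reaches SQL without validation. The following is an added illustration, not eTRAKiT3 code and not from this advisory: it contrasts the defect class described (the ClientStat JSON's valueAsString concatenated into a query) with a hardened handler that allowlists the value and binds it as a query parameter. The table schema, the allowlist character set and the demo payloads are all constructed assumptions.

```python
import json
import re
import sqlite3
from typing import Optional

# Constructed stand-in for the application's user table (hypothetical schema, not eTRAKiT3's).
def make_demo_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login_id TEXT PRIMARY KEY, display_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("jdoe", "Jane Doe"), ("admin", "Site Admin")])
    return db

# Allowlist for a login id: letters, digits and a few punctuation characters, bounded length.
# The character set is an assumption; tighten it to whatever the real application accepts.
LOGIN_ID_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def extract_login_id(client_stat: str) -> Optional[str]:
    """Parse the ClientStat JSON and return valueAsString only if it passes the allowlist."""
    try:
        doc = json.loads(client_stat)
    except ValueError:
        return None
    value = doc.get("valueAsString") if isinstance(doc, dict) else None
    if not isinstance(value, str) or LOGIN_ID_RE.fullmatch(value) is None:
        return None
    return value

def lookup_vulnerable(db: sqlite3.Connection, client_stat: str) -> Optional[str]:
    """Defect class from the advisory: the JSON value goes into SQL unvalidated, by concatenation."""
    value = json.loads(client_stat)["valueAsString"]
    sql = "SELECT display_name FROM users WHERE login_id = '" + value + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hardened(db: sqlite3.Connection, client_stat: str) -> Optional[str]:
    """Allowlist the value first, then bind it as a parameter so it can only ever be data."""
    login_id = extract_login_id(client_stat)
    if login_id is None:
        return None  # reject the request; a real handler would log this and answer 400
    row = db.execute("SELECT display_name FROM users WHERE login_id = ?", (login_id,)).fetchone()
    return row[0] if row else None

# Constructed inputs: a normal ClientStat payload and one carrying a quote-breaking value.
NORMAL_PAYLOAD = json.dumps({"valueAsString": "jdoe"})
CRAFTED_PAYLOAD = json.dumps({"valueAsString": "nobody' OR '1'='1"})

if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED_PAYLOAD))  # returns a row it should not
    print("hardened:  ", lookup_hardened(db, CRAFTED_PAYLOAD))    # None: rejected by allowlist
```

The allowlist is the compensating control the recommendations call for when the parameter cannot be removed; parameter binding is what removes the injection itself.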

Exploit

SQL injection


Weakness Enumeration

Related identifiers

CVE-2016-6566

Affected products

Etrakit3