Vulnerability Note VU#846103
Sungard eTRAKiT3 may be vulnerable to SQL injection
According to the reporter, the Sungard eTRAKiT3 software version 18.104.22.168 may be vulnerable to SQL injection, which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) – CVE-2016-6566
According to the reporter, the valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. According to the reporter, eTRAKiT 22.214.171.124 was tested, but other versions may also be vulnerable.
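A defensive check for the request shape described above, as an added example that is not part of the original note or the vendor's code: it decodes a form-encoded POST body, pulls valueAsString out of the JSON carried in ucLogin_txtLoginId_ClientStat, and flags values containing SQL metacharacters. The JSON layout, the sample bodies and the pattern list are assumptions; the heuristic is meant for log or proxy review and does not replace the vendor patch.

```python
import json
import re
from urllib.parse import parse_qs

PARAM = "ucLogin_txtLoginId_ClientStat"   # POST parameter named in the advisory
FIELD = "valueAsString"                   # JSON key named in the advisory

# Heuristic only (assumed list): tokens that have no place in a login ID.
SUSPICIOUS = re.compile(
    r"""['";]|--|/\*|\b(select|union|insert|update|delete|drop|exec|waitfor)\b""",
    re.IGNORECASE,
)

def find_values(node, key):
    """Yield every value stored under `key` at any depth of decoded JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def inspect_body(body):
    """Return a list of findings for one form-encoded POST body."""
    findings = []
    for raw in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        try:
            doc = json.loads(raw)
        except ValueError:
            findings.append("unparseable JSON in " + PARAM)
            continue
        for value in find_values(doc, FIELD):
            if not isinstance(value, str):
                findings.append(f"{FIELD} is not a string: {value!r}")
            elif SUSPICIOUS.search(value):
                findings.append(f"SQL metacharacters in {FIELD}: {value!r}")
    return findings

# Constructed sample bodies; the JSON layout is assumed, not taken from the product.
BENIGN = "ucLogin_txtLoginId_ClientStat=%7B%22valueAsString%22%3A%22jsmith%22%7D"
TAMPERED = ("ucLogin_txtLoginId_ClientStat="
            "%7B%22valueAsString%22%3A%22x%27%20OR%20%271%27%3D%271%22%7D")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(name, inspect_body(body))
```

A match is a reason to look at the request, not proof of exploitation; legitimate login IDs that contain an apostrophe will also be flagged.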
A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.
Apply a patch
Sungard has provided the following statement:
However, affected users may also consider the following workaround:
As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user’s host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Sungard|Affected|21 Oct 2016|12 Dec 2016|
CVSS Metrics
Thanks to Illumant for reporting this vulnerability.
This document was written by Garret Wassermann.
06 Dec 2016
Date First Published: 06 Dec 2016
Date Last Updated: 12 Dec 2016