CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-6566

The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.142

EPSS Ranking 94.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/94696
https://www.kb.cert.org/vuls/id/846103
http://www.securityfocus.com/bid/94696
https://www.kb.cert.org/vuls/id/846103

Products affected by CVE-2016-6566

Sungardas » Etrakit3 » Version: 3.2.1.17

cpe:2.3:a:sungardas:etrakit3:3.2.1.17

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-6566

Products

Pricing

Contact Us