Misys FusionCapital Opics Plus contains multiple vulnerabilities
Original Release date: 19 Jul 2016 | Last revised: 19 Jul 2016

Overview
Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries.

FusionCapital Opics Plus contains several vulnerabilities.

Description

CVE-2016-5653 CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
According to the reporter, an authenticated but low privileged user may exploit a SQL Injection in the “ID” and “Branch” parameters of a search and enumerate the full database.

CVE-2016-5654 CWE-280: Improper Handling of Insufficient Permissions or Privileges
According to the reporter, a remote authenticated attacker able to execute a man-in-the-middle attack may be able to tamper with the “xmlMessageOut” parameter of a client POST request to escalate privileges to administrator.

CVE-2016-5655 CWE-295: Improper Certificate Validation
According to the reporter, a remote unauthenticated attacker able to execute a man-in-the-middle attack may be able to present an alternate SSL certificate and therefore decrypt all traffic between the client and FusionCapital Opics Plus server.

Impact

An authenticated attacker may be able to escalate privileges to administrator, or perform full searches on the database.

An unauthenticated attacker may be able to decrypt SSL traffic between the client and server.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Restrict Network Access
As a general good security practice, only allow connections from trusted hosts and networks.

Consult your firewall product’s manual for more information.

Vendor Information

Vendor    Status      Date Notified    Date Updated
Misys     Affected    26 Apr 2016      05 Jul 2016

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group            Score    Vector
Base             8.5      AV:N/AC:M/Au:S/C:C/I:C/A:C
Temporal         7.7      E:POC/RL:U/RC:C
Environmental    2.2      CDP:H/TD:L/CR:H/IR:H/AR:H
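
The three scores above follow from the vectors through the CVSS v2 equations. The following is an added example, not part of the original advisory: it recomputes them so the environmental vector can be replaced with values for a specific deployment. The function names are this example's own, and the metric weights are taken from the CVSS v2 specification.

```python
from decimal import Decimal as D, ROUND_HALF_UP
# Metric weights from the CVSS v2 specification.
CIA = {"N": "0", "P": "0.275", "C": "0.660"}
REQ = {"L": "0.5", "M": "1.0", "H": "1.51", "ND": "1.0"}
W = {
    "AV": {"L": "0.395", "A": "0.646", "N": "1.0"},
    "AC": {"H": "0.35", "M": "0.61", "L": "0.71"},
    "Au": {"M": "0.45", "S": "0.56", "N": "0.704"},
    "C": CIA, "I": CIA, "A": CIA,
    "E": {"U": "0.85", "POC": "0.9", "F": "0.95", "H": "1.0", "ND": "1.0"},
    "RL": {"OF": "0.87", "TF": "0.90", "W": "0.95", "U": "1.0", "ND": "1.0"},
    "RC": {"UC": "0.90", "UR": "0.95", "C": "1.0", "ND": "1.0"},
    "CDP": {"N": "0", "L": "0.1", "LM": "0.3", "MH": "0.4", "H": "0.5", "ND": "0"},
    "TD": {"N": "0", "L": "0.25", "M": "0.75", "H": "1.0", "ND": "1.0"},
    "CR": REQ, "IR": REQ, "AR": REQ,
}
# Vectors as published in this advisory.
BASE, TEMPORAL = "AV:N/AC:M/Au:S/C:C/I:C/A:C", "E:POC/RL:U/RC:C"
ENV = "CDP:H/TD:L/CR:H/IR:H/AR:H"

def parse(*vectors):
    pairs = (p.split(":") for v in vectors for p in v.split("/"))
    return {k: D(W[k][v]) for k, v in pairs}

def r1(x):  # round_to_1_decimal, with halves rounded up
    return x.quantize(D("0.1"), rounding=ROUND_HALF_UP)

def base_score(m, impact=None):
    if impact is None:
        impact = D("10.41") * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    f = D(0) if impact == 0 else D("1.176")
    return r1((D("0.6") * impact + D("0.4") * exploitability - D("1.5")) * f)

def temporal_score(base, m):
    return r1(base * m["E"] * m["RL"] * m["RC"])

def environmental_score(m):
    # Impact is re-weighted by the security requirements and capped at 10.
    adj = D("10.41") * (1 - (1 - m["C"] * m["CR"]) * (1 - m["I"] * m["IR"])
                        * (1 - m["A"] * m["AR"]))
    adj_temporal = temporal_score(base_score(m, min(D(10), adj)), m)
    return r1((adj_temporal + (10 - adj_temporal) * m["CDP"]) * m["TD"])

def scores(base=BASE, temporal=TEMPORAL, env=ENV):
    m = parse(base, temporal, env)
    b = base_score(m)
    return str(b), str(temporal_score(b, m)), str(environmental_score(m))
```

Calling `scores()` with a different `env` vector shows how much of the low environmental figure comes from the low target distribution (TD:L) assumed in the table rather than from the flaws themselves.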

Credit
Thanks to Wissam Bashour for reporting this vulnerability.
This document was written by Garret Wassermann.
