Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Navis WebAccess Builds < August 10, 2016 SQLi



The detected version of Navis WebAccess may be vulnerable to an SQL Injection (SQL) attack vector.


Versions of Navis WebAccess built befeore August 10, 2016 are affected by a flaw that may allow carrying out an SQL injection attack. The issue is due to the '/express/showNotice.do' script not properly sanitizing input to the 'GKEY' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2016-5817).


Upgrade WebAccess to a version built on August 10, 2016 or later.