The detected version of Navis WebAccess may be vulnerable to an SQL Injection (SQL) attack vector.
Versions of Navis WebAccess built befeore August 10, 2016 are affected by a flaw that may allow carrying out an SQL injection attack. The issue is due to the '/express/showNotice.do' script not properly sanitizing input to the 'GKEY' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2016-5817).
Upgrade WebAccess to a version built on August 10, 2016 or later.