MidnightBSD

Advisories for misys

CVE-2016-5653 MEDIUM

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
misys fusioncapital_opics_plus -
CVE-2016-5654 HIGH

Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
misys fusioncapital_opics_plus -
CVE-2016-5655 MEDIUM

Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
misys fusioncapital_opics_plus -