La plateforme logistique maritime Navis très vulnérable

0
488
Le logiciel de fret maritime Navis est victime d'une faille de sécurité critique

Le Cargo Community System américain Navis, une plateforme logistique dédiée au transports maritimes, est victime d’une faille de sécurité critique par injection SQL, ce qui mettrait l’ensemble des données de ses clients en péril. | via Security Affairs

Navis WebAccess app used by US Ports is affected by a SQL injection flaw | via Security Affairs

The Navis WebAccess application used in the transportation sector worldwide is affected by a high severity SQL injection vulnerability.

A software used in the US ports is affected by a high severity SQL Injection vulnerability (CVE-2016-5817). The flaw was discovered by a hacker behind the online moniker “bRpsd,” the expert has discovered the vulnerability in the Navis WebAccess application, a web-based software that provides transport operators real-time access to operational logistics information. The Navis WebAccess is a legacy product that is still used by only 13 organizations worldwide, five of them are located in the United States including Georgia Ports Authority, the Port of Virginia, Port of Houston Authority, and Ports America…

Source : Navis WebAccess app used by US Ports is affected by a SQL injection flawSecurity Affairs