CVE-2017-10816

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in MaLion for Windows and Mac versions 5.0.0 to 5.2.1. Remote attackers can execute arbitrary SQL commands via the Relay Service Server, potentially leading to complete system compromise. Organizations using affected MaLion versions are at risk.

💻 Affected Systems

Products:
  • MaLion for Windows
  • MaLion for Mac
Versions: 5.0.0 to 5.2.1
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The Relay Service Server component is vulnerable. All installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover, data exfiltration, lateral movement within network, and persistent backdoor installation.

🟠 Likely Case: Database compromise, credential theft, and unauthorized access to sensitive information stored in MaLion systems.

🟢 If Mitigated: Limited impact with proper network segmentation, database permissions, and input validation controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with readily available tools. The CVSS 9.8 score is consistent with the low complexity and unauthenticated access listed above.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.2 or later

Vendor Advisory: http://www.intercom.co.jp/information/2017/0801.html

Restart Required: Yes

Instructions:

1. Download MaLion version 5.2.2 or later from the official vendor site.
2. Stop MaLion services.
3. Install the updated version.
4. Restart services.
5. Verify successful update.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate MaLion Relay Service Server from untrusted networks and internet access.

Database Permission Reduction (applies to: all)

Limit database user permissions to minimum required functionality.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure of Relay Service Server
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check MaLion version in application settings or installation directory. Versions 5.0.0 through 5.2.1 are vulnerable.

Check Version:

Check application About menu or installation properties

Verify Fix Applied:

Confirm MaLion version is 5.2.2 or later. Test Relay Service Server functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts
  • Unexpected database schema changes

Network Indicators:

  • SQL syntax patterns in network traffic to Relay Service Server
  • Unusual outbound database connections

SIEM Query:

source="malion_logs" AND (sql OR injection OR UNION OR SELECT*)
