CVE-2017-6550

9.8 CRITICAL

📋 TL;DR

This CVE describes multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) software. Attackers can execute arbitrary SQL commands via TABLE or QUERY parameters in specific endpoints, potentially compromising database integrity and confidentiality. Organizations using affected Kinsey Infor-Lawson/ESBUS systems are vulnerable.

💻 Affected Systems

Products:
  • Kinsey Infor-Lawson
  • ESBUS
Versions: Specific versions not publicly documented, but all versions with vulnerable endpoints are affected.
Operating Systems: Any OS running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable endpoints: esbus/servlet/GetSQLData (TABLE parameter) and KK_LS9ReportingPortal/GetData (QUERY parameter)

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise allowing data theft, data manipulation, privilege escalation, and potential remote code execution on the database server.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential application-level compromise.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - Exploit requires only HTTP requests to vulnerable endpoints with no authentication.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or unauthenticated attackers with network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available; exploitation takes only simple HTTP requests with SQL injection payloads in the parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Contact Kinsey/Infor-Lawson vendor for patches or updates.
2. Apply vendor-provided fixes.
3. Test in non-production environment first.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection rules to block malicious requests to vulnerable endpoints.

Input Validation Filter

all

Implement input validation to reject suspicious characters in TABLE and QUERY parameters.

🧯 If You Can't Patch

  • Block access to vulnerable endpoints (esbus/servlet/GetSQLData and KK_LS9ReportingPortal/GetData) at network perimeter.
  • Implement strict network segmentation to isolate affected systems from untrusted networks.

🔍 How to Verify

Check if Vulnerable:

Test endpoints with SQL injection payloads: Send HTTP requests to /esbus/servlet/GetSQLData?TABLE=test' OR '1'='1 and /KK_LS9ReportingPortal/GetData?QUERY=test' OR '1'='1

Check Version:

Check application version through admin interface or contact vendor.

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and that the endpoints instead return an error or a sanitized response.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /esbus/servlet/GetSQLData or /KK_LS9ReportingPortal/GetData with SQL keywords in parameters
  • Unusual database query patterns from application server

Network Indicators:

  • HTTP traffic containing SQL injection patterns (UNION, SELECT, etc.) in GET parameters

SIEM Query:

source="web_logs" AND (uri_path="/esbus/servlet/GetSQLData" OR uri_path="/KK_LS9ReportingPortal/GetData") AND (param="*SELECT*" OR param="*UNION*" OR param="*OR*1*1*")
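
The log indicators above as a small log parser, an added example that is not part of the original advisory or any vendor code. It matches on the decoded TABLE and QUERY values, so percent-encoded payloads are caught and names such as ORDERS_2011 are not flagged by a loose wildcard. The combined access-log format, the sample lines and the extra quote/comment characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint (lower-cased for lookup) -> parameter named in the advisory.
WATCHED = {
    "/esbus/servlet/getsqldata": "TABLE",
    "/kk_ls9reportingportal/getdata": "QUERY",
}

# Keywords and tautology come from the advisory; the quote, comment and
# semicolon characters are an added assumption about "suspicious characters".
SQLI = re.compile(
    r"\b(?:union|select)\b"
    r"|\bor\b\s*'?\d+'?\s*=\s*'?\d+"
    r"|'|--|;|/\*",
    re.IGNORECASE,
)

# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/')

# Constructed sample lines (documentation IP ranges, invented table names).
SAMPLE_LOG = [
    '198.51.100.10 - - [10/Mar/2017:09:14:02 +0000] "GET /esbus/servlet/GetSQLData?TABLE=ORDERS_2011 HTTP/1.1" 200 1840',
    '203.0.113.7 - - [10/Mar/2017:09:15:40 +0000] "GET /esbus/servlet/GetSQLData?TABLE=test%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 90211',
    '203.0.113.7 - - [10/Mar/2017:09:15:44 +0000] "GET /KK_LS9ReportingPortal/GetData?QUERY=x%20union%20select%201 HTTP/1.1" 500 312',
    '198.51.100.22 - - [10/Mar/2017:09:16:10 +0000] "GET /portal/search?q=select+shoes HTTP/1.1" 200 733',
]

def suspicious_requests(lines):
    """Return (client, path, parameter, decoded value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, target = m.groups()
        url = urlsplit(target)
        param = WATCHED.get(url.path.lower())
        if param is None:
            continue  # only the two endpoints from the advisory are in scope
        # parse_qsl percent-decodes, so %27 is matched as a quote character.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.upper() == param and SQLI.search(value):
                hits.append((client, url.path, param, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string parameters are inspected, because request bodies do not appear in a standard access log.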
