CVE-2024-55517 identifies a critical SQL injection vulnerability in the Interllect Core Search module of Polaris FT Intellect Core Banking version 9.5. The vulnerability stems from improper sanitization of the groupType parameter passed to the /SCGController endpoint. When an authenticated user submits crafted input via this parameter, the backend SQL queries are manipulated, enabling unauthorized execution of arbitrary SQL commands. This can lead to unauthorized data access, data modification, or deletion, and potentially full compromise of the banking system's database. The vulnerability is classified under CWE-89 (SQL Injection) and has a CVSS v3.1 base score of 8.8, reflecting high impact across confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and only requires privileges of an authenticated user (PR:L) without additional user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component but can still be severe. No patches or public exploits are currently available, increasing the urgency for organizations to implement mitigations proactively. Given the critical role of core banking systems, exploitation could disrupt financial operations and expose sensitive customer data.

The potential impact of CVE-2024-55517 is severe for organizations using Polaris FT Intellect Core Banking 9.5. Successful exploitation can lead to unauthorized disclosure of sensitive financial data, modification or deletion of critical banking records, and disruption of banking services. This can result in financial losses, regulatory penalties, reputational damage, and erosion of customer trust. Since the vulnerability requires authenticated access, insider threats or compromised credentials could be leveraged to exploit it. The ability to execute arbitrary SQL commands can also facilitate further lateral movement within the network or deployment of ransomware. Financial institutions worldwide relying on this software face significant operational and compliance risks if the vulnerability is exploited. The absence of known public exploits currently provides a window for remediation, but the high CVSS score underscores the urgency of addressing the issue.

To mitigate CVE-2024-55517, organizations should implement the following specific measures: 1) Apply vendor patches immediately once available; 2) Until patches are released, restrict access to the /SCGController endpoint to only trusted and necessary authenticated users; 3) Implement strict input validation and sanitization on the groupType parameter to reject or properly escape malicious input; 4) Employ parameterized queries or prepared statements in the backend code to prevent SQL injection; 5) Conduct thorough code reviews and security testing focused on input handling in the Interllect Core Search module; 6) Monitor database logs and application logs for unusual query patterns or errors indicative of injection attempts; 7) Enforce strong authentication and credential management to reduce risk of compromised accounts; 8) Segment the network to limit the impact of potential exploitation; 9) Educate staff about the risks of SQL injection and the importance of secure coding practices. These steps will help reduce the attack surface and protect critical banking data until a permanent fix is deployed.