ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability

Summary
The host is running Authenex ASAS and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will let attackers access the Authenex database and dump all OTP tokens and user information, including credentials.
Impact Level: Application
Solution
Apply the patch from the link below: http://support.authenex.com/
***** NOTE: Ignore this warning if the above-mentioned patch has been manually applied. *****
Insight
The flaw exists because input passed to the 'rgstcode' parameter in 'akeyActivationLogin.do' is not properly sanitised before being used in SQL queries.
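
A log check for the parameter named above, as an added example that is not part of the original advisory or of Authenex's code: it flags requests to 'akeyActivationLogin.do' whose 'rgstcode' value falls outside an allow-list. The log format, URL paths, sample lines and the assumed code format (alphanumerics and hyphens) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "akeyActivationLogin.do"  # endpoint named in the advisory
PARAM = "rgstcode"                   # parameter named in the advisory

# Assumption: a legitimate registration code is alphanumerics and hyphens only.
# Adjust this allow-list to the code format your deployment actually issues.
EXPECTED = re.compile(r"[A-Za-z0-9-]{1,64}")

# Source address, then the quoted request line of a combined-format access log.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /initial.do HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /akeyActivationLogin.do?rgstcode=AB12-CD34 HTTP/1.1" 200 734
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /akeyActivationLogin.do?rgstcode=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120
192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "POST /akeyActivationLogin.do HTTP/1.1" 200 734
"""


def suspicious_requests(log_text):
    """Return (line_no, source, decoded_value) for rgstcode values outside the allow-list."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qs percent-decodes each value before it is checked.
        for value in parse_qs(url.query).get(PARAM, []):
            if not EXPECTED.fullmatch(value):
                hits.append((line_no, m.group("src"), value))
    return hits


if __name__ == "__main__":
    for line_no, src, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {src} sent {PARAM}={value!r}")
```

Access logs record only the query string, so values sent in a POST body (the last sample line) are not visible to this check and need request-body logging or a WAF rule instead.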
Affected
Authenex ASAS version 3.1.0.3 and prior.