ID CVE-2015-6743
Summary Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.
References
Vulnerable Configurations
  • cpe:2.3:a:basware:banking:*:*:*:*:*:*:*:*
    cpe:2.3:a:basware:banking:*:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 31-08-2015 - 19:07)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
fulldisc 20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
misc https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html
Last major update 31-08-2015 - 19:07
Published 31-08-2015 - 14:59
Last modified 31-08-2015 - 19:07
Back to Top