CVE-2015-6744 - Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verificat

CVE-2015-6744

Summary

Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.

References

Vulnerable Configurations

cpe:2.3:a:basware:banking:*:*:*:*:*:*:*:*
cpe:2.3:a:basware:banking:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 31-08-2015 - 19:07)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

fulldisc	20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
misc	https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html

Last major update

31-08-2015 - 19:07

Published

31-08-2015 - 14:59

Last modified

31-08-2015 - 19:07