Max CVSS | 6.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-6747 | 5.0 |
Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to
|
31-08-2015 - 19:08 | 31-08-2015 - 14:59 | |
CVE-2015-6746 | 2.1 |
Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per A
|
31-08-2015 - 19:08 | 31-08-2015 - 14:59 | |
CVE-2015-6745 | 4.6 |
Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 pe
|
31-08-2015 - 19:08 | 31-08-2015 - 14:59 | |
CVE-2015-6744 | 4.3 |
Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network tr
|
31-08-2015 - 19:07 | 31-08-2015 - 14:59 | |
CVE-2015-6743 | 6.5 |
Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT
|
31-08-2015 - 19:07 | 31-08-2015 - 14:59 | |
CVE-2015-6742 | 6.5 |
Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT
|
31-08-2015 - 19:06 | 31-08-2015 - 14:59 | |
CVE-2015-0943 | 5.8 |
Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffin
|
31-08-2015 - 17:44 | 31-08-2015 - 14:59 |