Skip to main content

Banking

7 CVEs product

Monthly

CVE-2015-6747 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-6746 LOW Monitor

Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-6745 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Banking
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-6744 MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-6743 MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-6742 MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2015-0943 MEDIUM This Month

Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD
CVSS 2.0
5.8
EPSS
0.1%
EPSS 0% CVSS 5.0
MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Banking
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Banking
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Banking
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Banking
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Banking
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy