Vulnerabilities > CVE-2015-6743 - Credentials Management vulnerability in Basware Banking

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

basware

CWE-255

NVD

Published: 2015-08-31

Updated: 2015-08-31

Summary

Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.

Vulnerable Configurations

Part	Description	Count
Application	Basware Basware Banking *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://seclists.org/fulldisclosure/2015/Jul/120
https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html