Vulnerabilities > CVE-2018-19830 - Missing Authorization vulnerability in Business Alliance Financial Circle Project Business Alliance Financial Circle

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.

Common Weakness Enumeration (CWE)