Lucene search

[email protected]CVE-2015-6742

HistoryAug 31, 2015 - 2:59 p.m.

CVE-2015-6742

2015-08-3114:59:00

CWE-255

[email protected]

web.nvd.nist.gov

basware banking

maksuliikenne

hardcoded password

anco account

remote authentication

access restrictions

vulnerability

6.4 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.5%

JSON

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.

CPENameOperatorVersion
basware:bankingbasware bankingle8.90.07

CPE	Name	Operator	Version
basware:banking	basware banking	le	8.90.07

References

seclists.org/fulldisclosure/2015/Jul/120

www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html

6.4 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for CVE-2015-6742

cvelist6 prion6 cve6 securityvulns2