Lucene search

[email protected]NVD:CVE-2015-6742

HistoryAug 31, 2015 - 2:59 p.m.

CVE-2015-6742

2015-08-3114:59:01

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.8%

JSON

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.

Affected configurations

Nvd

Node

baswarebankingRange≤8.90.07

VendorProductVersionCPE
baswarebanking*cpe:2.3:a:basware:banking:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
basware	banking	*	cpe:2.3:a:basware:banking::::::::

References

seclists.org/fulldisclosure/2015/Jul/120

www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.8%

JSON

Related for NVD:CVE-2015-6742

cvelist7 prion6 cve7 nvd6 securityvulns2