CVE-2015-6746

Basware Banking Maksuliikenne before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types...

CVE-2015-6745

Basware Banking Maksuliikenne 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability typ...

Design/Logic Flaw

Basware Banking Maksuliikenne before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types...

Hardcoded credentials

Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

Security feature bypass

Basware Banking Maksuliikenne before 8.90.07.X relies on the client to enforce 1 login verification, 2 audit trail creation, and 3 account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from...

CVE-2015-0943

Basware Banking Maksuliikenne before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting...

CVE-2015-0943

Basware Banking Maksuliikenne before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting...

CVE-2015-6742

Basware Banking Maksuliikenne before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

CVE-2015-6743

Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

CVE-2015-6744

Basware Banking Maksuliikenne before 8.90.07.X relies on the client to enforce 1 login verification, 2 audit trail creation, and 3 account locking, which allows remote attackers to "disrupt security-critical functions" by "dropping network traffic." NOTE: this identifier was SPLIT from...

CVE-2015-0943

Basware Banking/Maksuliikenne, prior to version 9.10.0.0, transmits client–backend data unencrypted, enabling network attackers to sniff keys, credentials and sensitive information or modify traffic. The vulnerability affects the Windows-based thick client/server setup (Solid DB on the server). R...

CVE-2015-6742

CVE-2015-6742 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X, where a hard-coded ANCO account password allows remote authenticated users to bypass access restrictions. The issue is documented across multiple sources (including CNVD-2015-05813) as a hard-coded-credential vulnerability ...

CVE-2015-6743

Basware Banking (Maksuliikenne) 8.90.07.X is affected by a hardcoded password vulnerability. The hardcoded credential allows remote authenticated users to bypass intended access restrictions by exploiting knowledge of the password. Public descriptions indicate the issue affects 8.90.07.X and earl...

CVE-2015-6745

Baseline affected software: Basware Banking (Maksuliikenne), version 8.90.07.X and earlier. Vulnerability: the product relies on the client to enforce account locking, enabling a local attacker to bypass the security mechanism by deleting entries in the locking list (or locking table). Root cause...

CVE-2015-6746

CVE-2015-6746 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X. The vulnerability arises because private keys are stored in plaintext in the SQL database, enabling remote attackers to spoof communications with banks via unspecified vectors. CNVD entries corroborate the issue in 8.90.07....

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne

English: Multiple vulnerabilities in Basware Banking/Maksuliikenne software that were reported already 08/2012 may still enable undetectable economic crimes against user organizations companies Finnish: Basware Banking/Maksuliikenne -ohjelmiston haavoittuvuudet, joista raportoitiin jo 08/2012,...