Banking Security Vulnerabilities and Issues — Banking CVE List

BaswareBanking

7 matches found

CVE•added 2015/08/31 2:8 p.m.•60 views

CVE-2015-6746

CVE-2015-6746 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X. The vulnerability arises because private keys are stored in plaintext in the SQL database, enabling remote attackers to spoof communications with banks via unspecified vectors. CNVD entries corroborate the issue in 8.90.07....

2.1CVSS7AI score0.00571EPSS

CVE•added 2015/08/31 2:8 p.m.•46 views

CVE-2015-6747

The Basware Banking (Maksuliikenne) vulnerability CVE-2015-6747 affects Basware Banking 8.90.07.X and earlier, where private keys are stored in plaintext in the SQL database. This storage flaw enables remote attackers to spoof communications with banks through unspecified vectors. CNVD-2015-05816...

5CVSS6.5AI score0.01227EPSS

CVE•added 2015/08/31 2:8 p.m.•44 views

CVE-2015-0943

Basware Banking/Maksuliikenne, prior to version 9.10.0.0, transmits client–backend data unencrypted, enabling network attackers to sniff keys, credentials and sensitive information or modify traffic. The vulnerability affects the Windows-based thick client/server setup (Solid DB on the server). R...

5.8CVSS6.2AI score0.00534EPSS

CVE•added 2015/08/31 2:8 p.m.•44 views

CVE-2015-6742

CVE-2015-6742 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X, where a hard-coded ANCO account password allows remote authenticated users to bypass access restrictions. The issue is documented across multiple sources (including CNVD-2015-05813) as a hard-coded-credential vulnerability ...

6.5CVSS6.4AI score0.01157EPSS

CVE•added 2015/08/31 2:8 p.m.•43 views

CVE-2015-6745

Baseline affected software: Basware Banking (Maksuliikenne), version 8.90.07.X and earlier. Vulnerability: the product relies on the client to enforce account locking, enabling a local attacker to bypass the security mechanism by deleting entries in the locking list (or locking table). Root cause...

4.6CVSS6.2AI score0.0033EPSS

CVE•added 2015/08/31 2:8 p.m.•38 views

CVE-2015-6743

Basware Banking (Maksuliikenne) 8.90.07.X is affected by a hardcoded password vulnerability. The hardcoded credential allows remote authenticated users to bypass intended access restrictions by exploiting knowledge of the password. Public descriptions indicate the issue affects 8.90.07.X and earl...

6.5CVSS6.4AI score0.01139EPSS

CVE•added 2015/08/31 2:8 p.m.•37 views

CVE-2015-6744

Basware Banking (Maksuliikenne) before 8.90.07.X relies on client-side enforcement of login verification, audit trail, and account locking, enabling a remote attacker to disrupt security-critical functions by dropping network traffic. Connected sources (CNVD/NVD family) describe this issue under ...

4.3CVSS6.5AI score0.01121EPSS