Basware Banking 8.90.07.X privilege escalation [CVE-2015-6745] : 9/1/2015 5:09:01 AM
 | Start a FREE Trial with New Relic and we'll send you this geek-chic shirt 4 FREE From our sponsors |
| Vulnerability Advisories |
| Vulnerabilities of scip VulDB |
Basware Banking 8.90.07.X privilege escalation [CVE-2015-6745]
8/30/2015 7:00:00 PM
General
scipID: 77508
Affected: Basware Banking 8.90.07.X
Published: 08/31/2015
Risk: problematic
Created: 09/01/2015
Entry: 64.3% complete
Summary
A vulnerability classified as problematic has been found in Basware Banking 8.90.07.X. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744.
The weakness was presented 08/31/2015. This vulnerability is traded as CVE-2015-6745. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
CVSS
Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P) [?]
Temp Score: 4.1 (CVSS2#E:ND/RL:ND/RC:ND) [?]
CPE
Exploiting
Class: Privilege escalation
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
08/31/2015 | Advisory disclosed
09/01/2015 | VulDB entry created
09/01/2015 | VulDB entry updated
Sources
CVE: CVE-2015-6745 (mitre.org) (nvd.nist.org) (cvedetails.com)
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions