Basware Banking up to 8.90.07 privilege escalation [CVE-2015-6744] : 9/1/2015 5:09:01 AM
 | This eBook shows you how to build great push messages that convert for your app. From our sponsors |
| Vulnerability Advisories |
| Vulnerabilities of scip VulDB |
Basware Banking up to 8.90.07 privilege escalation [CVE-2015-6744]
8/30/2015 7:00:00 PM
General
scipID: 77507
Affected: Basware Banking up to 8.90.07
Published: 08/31/2015
Risk: critical
Created: 09/01/2015
Entry: 65.8% complete
Summary
A vulnerability was found in Basware Banking up to 8.90.07. It has been rated as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to “disrupt security-critical functions” by “dropping network traffic.” NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.
The weakness was disclosed 08/31/2015. The identification of this vulnerability is CVE-2015-6744. The attack may be initiated remotely. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 8.90.07.X eliminates this vulnerability.CVSS
Base Score: 6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P) [?]
Temp Score: 5.2 (CVSS2#E:ND/RL:OF/RC:ND) [?]
CPE
Exploiting
Class: Privilege escalation
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found
Upgrade: Banking 8.90.07.X
Timeline
08/31/2015 | Advisory disclosed
09/01/2015 | VulDB entry created
09/01/2015 | VulDB entry updated
Sources
CVE: CVE-2015-6744 (mitre.org) (nvd.nist.org) (cvedetails.com)
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions