CVE-2015-6742

Description

Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://seclists.org/fulldisclosure/2015/Jul/120
• https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html
• http://seclists.org/fulldisclosure/2015/Jul/120
• https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html

CWEs

CWE-255

💬 Discuss CVE-2015-6742 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.