QwikSec

Security Database

CVE

CWE

Training

CVE-2015-0943

Published: Aug 31, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne

mailing-list

x_refsource_FULLDISC

https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.