CVE-2018-19830

Name of the Vulnerable Software and Affected Versions Business Alliance Financial Circle (BAFC) smart contract implementation (affected versions not specified)

Description The issue concerns the UBSexToken() function in the smart contract implementation, which is public by default and lacks caller identity checks. This allows attackers to change the contract's owner.

Recommendations As a temporary workaround, consider restricting access to the UBSexToken() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.