Samuel Lavitt

**Name of the Vulnerable Software and Affected Versions** Basware Banking (Maksuliikenne) versions prior to 9.10.0.0 **Description** The issue allows man-in-the-middle attackers to obtain sensitive information, including encryption keys and user credentials, by sniffing the network or modifying the traffic. This is possible because communication between the client and the backend server is not encrypted. **Recommendations** For versions prior to 9.10.0.0, update to version 9.10.0.0 or later to ensure encryption of communication between the client and the backend server.

**Name of the Vulnerable Software and Affected Versions** Basware Banking (Maksuliikenne) versions prior to 8.90.07.X **Description** The issue allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of a hardcoded password for the ANCO account. **Recommendations** For versions prior to 8.90.07.X, update to version 8.90.07.X or later to resolve the issue. As a temporary workaround, consider restricting access to the ANCO account until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Basware Banking (Maksuliikenne) version 8.90.07.X **Description** The issue allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of a hardcoded password for an unspecified account. **Recommendations** For Basware Banking (Maksuliikenne) version 8.90.07.X, consider changing the hardcoded password to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict access to the account that uses the hardcoded password until a more permanent solution is implemented.