Basware Banking/Maksuliikenne, a cash/bank account management software package for enterprises from software vendor Basware, has multiple critical vulnerabilities, which are described in a report. These vulnerabilities were first observed and reported to Basware by security researcher and author of this report, Samuel Lavitt, in August 2012. These vulnerabilities, and exploits to unlawfully gain economically from them in an undetectable manner, were demonstrated by the author to Basware and CERT-FI (part of the National Cyber Security Centre Finland) on 7 July 2014. The Finnish Financial Supervisory Authority was also informed in July 2014. At least one vulnerability has been partially fixed since.
view the full story and report here
