CVE-2018-19830 - The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle

CVE-2018-19830

Summary

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.

References

https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts(CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834)/README.md

Vulnerable Configurations

cpe:2.3:a:business_alliance_financial_circle_project:business_alliance_financial_circle:-:*:*:*:*:*:*:*
cpe:2.3:a:business_alliance_financial_circle_project:business_alliance_financial_circle:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-01-2020 - 13:32)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

misc

https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts(CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834)/README.md

Last major update

14-01-2020 - 13:32

Published

31-12-2019 - 16:15

Last modified

14-01-2020 - 13:32