CVE-2018-19830

HIGH

Smart Contract - Privilege Escalation

Title source: llm
STIX 2.1

Description

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.

Scores

CVSS v3 7.5
EPSS 0.0093
EPSS Percentile 56.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
business_alliance_financial_circle_project/business_alliance_financial_circle
Published Dec 31, 2019
Tracked Since Feb 18, 2026