exploitDog

CVE-2014-0357

Опубликовано: 15 апр. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
US Government Resource
http://www.kb.cert.org/vuls/id/251628
US Government Resource
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
US Government Resource
http://www.kb.cert.org/vuls/id/251628
US Government Resource
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amtelco:misecuremessages:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01637

Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-9pww-fvv6-chh3

github

больше 3 лет назад

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

EPSS

Процентиль: 82%

0.01637

Низкий

5 Medium

CVSS2

Дефекты

CWE-287