Vulnerability Description
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amtelco | Misecuremessages | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01US Government Resource
- http://www.kb.cert.org/vuls/id/251628US Government Resource
- https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01US Government Resource
- http://www.kb.cert.org/vuls/id/251628US Government Resource
- https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
FAQ
What is CVE-2014-0357?
CVE-2014-0357 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request ...
How severe is CVE-2014-0357?
CVE-2014-0357 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0357?
Check the references section above for vendor advisories and patch information. Affected products include: Amtelco Misecuremessages.