Vulnerability Description
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
CVSS Score
7.0
HIGH
AV:N/AC:M/Au:S/C:C/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amtelco | Misecuremessages | 6.2 |
Related Weaknesses (CWE)
References
- https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-121-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01US Government Resource
- https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
FAQ
What is CVE-2014-2347?
CVE-2014-2347 is a vulnerability with a CVSS score of 7.0 (HIGH). Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
How severe is CVE-2014-2347?
CVE-2014-2347 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2347?
Check the references section above for vendor advisories and patch information. Affected products include: Amtelco Misecuremessages.