CVE-2014-0357

Amtelco miSecureMessages - Info Disclosure

Title source: llm

Description

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

References (3)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01

[US Government Resource] http://www.kb.cert.org/vuls/id/251628

[Various Sources] https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf

Scores

EPSS 0.0164

EPSS Percentile 81.7%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

amtelco/misecuremessages

Timeline

Published Apr 15, 2014

Tracked Since Feb 18, 2026