Description
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/251628
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01
Various Sources x_refsource_misc
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf
Scores
EPSS
0.0183
EPSS Percentile
76.2%
Details
CWE
CWE-287
Status
published
Products (1)
amtelco/misecuremessages
Published
Apr 15, 2014
Tracked Since
Feb 18, 2026