CVE-2014-2347

Amtelco miSecureMessages <6.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2347. PoCs published by Jared Bird.

AI-analyzed exploit summary The exploit demonstrates a session management vulnerability and authentication bypass in miSecureMessages, allowing unauthorized access to messages by manipulating the `contactID` parameter in SOAP requests.

Description

Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.

Exploits (1)

exploitdb WORKING POC
by Jared Bird · textwebappsmultiple
https://www.exploit-db.com/exploits/33019

The exploit demonstrates a session management vulnerability and authentication bypass in miSecureMessages, allowing unauthorized access to messages by manipulating the `contactID` parameter in SOAP requests.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: miSecureMessages (Client=4.0.1, Server=6.2.4552.30017)
No auth needed
Prerequisites: Valid license key · Access to the SOAP endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0242
EPSS Percentile 82.2%

Details

CWE
CWE-200 CWE-264
Status published
Products (2)
amtelco/misecuremessages 6.2
AMTELCO/miSecureMessages 6.2
Published May 06, 2014
Tracked Since Feb 18, 2026