CVE-2018-11634

HIGH

Dialogic PowerMedia XMS < 3.5 SU2 - Plaintext Password Storage in Administrative Console

Title source: llm

Description

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://d3adend.org/blog/?p=1398

Scores

CVSS v3 7.8
EPSS 0.0039
EPSS Percentile 30.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (2)
dialogic/powermedia_xms 3.5 su1
dialogic/powermedia_xms < 3.5
Published Jul 03, 2018
Tracked Since Feb 18, 2026