CVE-2014-0357 - OpenCVE

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Amtelco	Misecuremessages

Configuration 1 [-]

cpe:2.3:a:amtelco:misecuremessages:-:*:*:*:*:*:*:*

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01	US Government Resource
http://www.kb.cert.org/vuls/id/251628	US Government Resource
https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2014-04-15T10:00:00

Updated: 2014-05-06T01:57:00

Reserved: 2013-12-05T00:00:00

Link: CVE-2014-0357

JSON object: View

NVD Information

Status : Modified

Published: 2014-04-15T10:55:12.087

Modified: 2014-05-10T04:02:08.380

Link: CVE-2014-0357

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-06T01:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#251628", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/251628"}, {"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01"}, {"tags": ["x_refsource_MISC"], "url": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#251628", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/251628"}, {"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01"}, {"name": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf", "refsource": "MISC", "url": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0357", "datePublished": "2014-04-15T10:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2014-05-06T01:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}