CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://d3adend.org/blog/?p=1398
https://d3adend.org/blog/?p=1398

Products affected by CVE-2018-11635

Dialogic » Powermedia Xms » Version: 3.5

cpe:2.3:a:dialogic:powermedia_xms:3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11635

Products

Pricing

Contact Us