CVE-2018-11635

2018-07-0317:00:00

mitre

www.cve.org

AI Score

9.5

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

References

d3adend.org/blog/?p=1398