TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from an administrative panel that allows an attacker to discover usernames, email addresses, passwords, an...

CVE-2025-48926

CVE-2025-48926 affects the TeleMessage service admin panel (through 2025-05-05). The vulnerability enables an attacker to enumerate sensitive user data including usernames, email addresses, passwords, and telephone numbers via the administrative interface, constituting a high confidentiality impa...

PT-2025-23101 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue allows attackers to discover sensitive information, including usernames, e-mail addresses, passwords, and telephone numbers, in the admin panel of the TeleMessage service. This has...

PT-2025-23110 · Unknown · Telemessage +1

Name of the Vulnerable Software and Affected Versions: TeleMessage versions through 2025-05-05 TeleMessage TM SGNL affected versions not specified Description: The TeleMessage service configures Spring Boot Actuator with an exposed heap dump endpoint at the /heapdump URI. This vulnerability has...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the use of MD5 for password hashing and could lead to a rainbow table attack...

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…...

TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...

PT-2025-20382 · Telemessage · Telemessage Archiving Backend

Name of the Vulnerable Software and Affected Versions: TeleMessage archiving backend versions through 2025-05-05 Description: The issue concerns the acceptance of API calls from the TM SGNL aka Archive Signal app to request an authentication token, using hardcoded credentials. The credentials use...

CVE-2025-47730

The TeleMessage archiving backend (versions through 2025-05-05) is affected by an authentication-side flaw where the API endpoint used to request an authentication token accepts calls from the TM SGNL (Archive Signal) app using hardcoded credentials (user: logfile, password: enRR8UVVywXYbFkqU#QDP...

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...