Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Splicecom Security Vulnerabilities

cve
cve

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.

5.9CVSS

5.6AI Score

0.001EPSS

2024-01-25 08:15 AM
15
cve
cve

CVE-2023-33758

Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.

6.1CVSS

6AI Score

0.0005EPSS

2024-01-25 08:15 AM
13
cve
cve

CVE-2023-33759

SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.

9.8CVSS

9.4AI Score

0.001EPSS

2024-01-25 08:15 AM
12
cve
cve

CVE-2023-33760

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.

5.3CVSS

5.2AI Score

0.001EPSS

2024-01-25 08:15 AM
16