Lucene search
K
SmarshTelemessage

8 matches found

CVE
CVE
•added 2025/05/28 12:0 a.m.•231 views

CVE-2025-48927

CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...

5.3CVSS7AI score0.07857EPSS
In wild
CVE
CVE
•added 2025/05/28 12:0 a.m.•181 views

CVE-2025-48928

CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...

4CVSS7.2AI score0.00366EPSS
In wild
CVE
CVE
•added 2025/05/08 12:0 a.m.•110 views

CVE-2025-47730

The TeleMessage archiving backend (versions through 2025-05-05) is affected by an authentication-side flaw where the API endpoint used to request an authentication token accepts calls from the TM SGNL (Archive Signal) app using hardcoded credentials (user: logfile, password: enRR8UVVywXYbFkqU#QDP...

7.5CVSS5.3AI score0.00323EPSS
CVE
CVE
•added 2025/05/28 12:0 a.m.•63 views

CVE-2025-48929

The CVE-2025-48929 affects the TeleMessage service up to 2025-05-05, where authentication relies on a long‑lived credential that can be reused if discovered. This is the stated root cause. Some connected sources indicate this vulnerability has been exploited in the wild (May 2025) and suggest rem...

9.8CVSS6.7AI score0.00282EPSS
CVE
CVE
•added 2025/05/28 12:0 a.m.•55 views

CVE-2025-48925

Summary: The TeleMessage service (through 2025-05-05) relies on a client-side MD5 hashing step (in the TM SGNL app) and accepts the resulting hash as the authentication credential. This design implies that authentication can be performed using a hash generated on the client, effectively tying cre...

7.5CVSS6.7AI score0.00233EPSS
CVE
CVE
•added 2025/05/28 12:0 a.m.•51 views

CVE-2025-48931

The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...

5.5CVSS7.4AI score0.00081EPSS
CVE
CVE
•added 2025/05/28 12:0 a.m.•50 views

CVE-2025-48930

CVE-2025-48930 concerns the TeleMessage service up to 2025-05-05. The issue is that the service stores certain data in memory in cleartext, and this memory content may be accessible to an adversary via various avenues. The primary concrete detail across connected sources is the in-memory storage ...

5.3CVSS6.2AI score0.00115EPSS
CVE
CVE
•added 2025/05/28 12:0 a.m.•49 views

CVE-2025-48926

CVE-2025-48926 affects the TeleMessage service admin panel (through 2025-05-05). The vulnerability enables an attacker to enumerate sensitive user data including usernames, email addresses, passwords, and telephone numbers via the administrative interface, constituting a high confidentiality impa...

7.5CVSS6.4AI score0.00216EPSS