Vulnerabilities in TeleMessage
9 results

CVE-2025-48927 (MEDIUM, EPSS 7.9%, KEV)
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploit

CVE-2025-47729 (LOW, EPSS 0.4%, KEV)
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which i

CVE-2025-48928 (MEDIUM, EPSS 0.4%, KEV)
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in

CVE-2025-47730 (MEDIUM, EPSS 0.3%)
The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Si

CVE-2025-48929 (MEDIUM, EPSS 0.3%)
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expirat

CVE-2025-48925 (MEDIUM, EPSS 0.2%)
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as

CVE-2025-48926 (MEDIUM, EPSS 0.2%)
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telep

CVE-2025-48930 (LOW, EPSS 0.1%)
The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to a

CVE-2025-48931 (LOW, EPSS 0.1%)
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbo