VYPR
Vendor: Telemessage

Products: 2
CVEs: 7
Across products: 8
Status: Private

Recent CVEs: 7

  • CVE-2025-48927 | KEV | May 28, 2025
    risk 0.13 | cvss | epss 0.08

    The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

  • CVE-2025-48928 | KEV | May 28, 2025
    risk 0.13 | cvss | epss 0.00

    The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

  • CVE-2025-47729 | KEV | May 8, 2025
    risk 0.12 | cvss | epss 0.00

    The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive"…

  • CVE-2025-48925 | May 28, 2025
    risk 0.00 | cvss | epss 0.00

    The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.

  • CVE-2025-48926 | May 28, 2025
    risk 0.00 | cvss | epss 0.00

    The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.

  • CVE-2025-48931 | May 28, 2025
    risk 0.00 | cvss | epss 0.00

    The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.

  • CVE-2025-47730 | May 8, 2025
    risk 0.00 | cvss | epss 0.00

    The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.