CVE-2014-0357 Information

Description

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value as demonstrated by a request from the iOS or Android application.

Reference

http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01 http://www.kb.cert.org/vuls/id/251628 https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf